Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-12189Cross-site Scripting in Manageengine Servicedesk Plus

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
6.8%
top 8.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Zohocorp Manageengine Servicedesk Plus
Timeline
PublishedMay 21
Latest updateMay 24

Description

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-3q52-w694-7445: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 92022-05-24
CVEList
CVE-2019-12189: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 92019-05-21

💥Exploits & PoCs

1
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting2019-05-22
CVE-2019-12189 — Cross-site Scripting | cvebase