CVE-2021-46065 — Cross-site Scripting in Manageengine Servicedesk Plus

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

20.4%

top 4.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Servicedesk Plus

Timeline

PublishedJan 27

Latest updateJan 28

Description

A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDzohocorp/manageengine_servicedesk_plus11.3

🔴Vulnerability Details

GHSA

GHSA-xph7-8872-8h48: A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11↗2022-01-28

▶

CVEList

CVE-2021-46065: A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11↗2022-01-27

▶