CVE-2024-41150

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.9%

top 24.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Servicedesk Plus Manageengine Servicedesk Plus MSP Manageengine Supportcenter Plus +3 more

Timeline

PublishedAug 23

Description

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:NExploitability: 2.1 | Impact: 4.2

Affected Packages6 packages

▶NVDzohocorp/manageengine_servicedesk_plus14.7+1

▶NVDzohocorp/manageengine_servicedesk_plus_msp14.7+1

▶CVEListV5manageengine/servicedesk_plus14810

▶CVEListV5manageengine/servicedesk_plus_msp14800

▶NVDzohocorp/manageengine_supportcenter_plus14.7+1

🔴Vulnerability Details

CVEList

Stored XSS↗2024-08-23

▶

GHSA

GHSA-6c2h-4vcm-x8p4: An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter↗2024-08-23

▶