CVE-2019-12189 - Zoho ManageEngine ServiceDesk Plus 93 XSS vulnerability
Information
Description:XSS was discovered in ManageEngine ServiceDesk Plus version
Versions Affected: 93
Researcher: Dang The Tuyen
Proof-of-concept
The vulnerability stems from the confusion of both single quotes and semicolon in the query string of the URL
payload: ';alert('XSS');'