CVE-2019-12538

Published: 05/06/2019 Updated: 06/06/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.

Vulnerable Product

zohocorp manageengine servicedesk plus 9.3

Exploits

# Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SiteLookup.do
# Date: 2019-06-04
# Exploit Author: Tarantula Team - VinCSS (a member of Vingroup)
# Vendor Homepage: www.manageengine.com/products/service-desk
# Version: Zoho ManageEngine ServiceDesk Plus 9.3
# CVE : CVE-2019-12538
Information Description: A ...

Zoho ManageEngine ServiceDesk Plus version 9.3 suffers from multiple cross-site scripting vulnerabilities ...

Github Repositories

CVE-2019-12538
Zoho ManageEngine ServiceDesk Plus 9.3 XSS vulnerability in SiteLookup.do
Information
Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do qc_siteID parameter.
Author: Concobe of Tarantula Team - VinCSS (a member of Vingroup)
Payload: domain/SiteLookup.do?configID=0&SELECTSITE=qc_siteID"/&a