Published: 05/06/2019 Updated: 06/06/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zohocorp manageengine servicedesk plus 9.3

# Exploit Title: Zoho ManageEngine ServiceDesk Plus 93 Cross-Site Scripting via SolutionSearchdo # Date: 2019-06-04 # Exploit Author: Tarantula Team - VinCSS (a member of Vingroup) # Vendor Homepage: wwwmanageenginecom/products/service-desk # Version: Zoho ManageEngine ServiceDesk Plus 93 # CVE : CVE-2019-12541 Information Descripti ...

Zoho ManageEngine ServiceDesk Plus version 93 suffers from multiple cross site scripting vulnerabilities ...

CVE-2019-12541 Zoho ManageEngine ServiceDesk Plus 93 XSS vulnerability in SolutionSearchdo Information Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 93 There is XSS via the SolutionSearchdo searchText parameter Author: Concobe of Tarantula Team - VinCSS (a member of Vingroup) Payload domain/SolutionSearchdo?searchText=1'%3balert('XS

CWE-79 https://www.manageengine.com/products/service-desk/readme.html https://github.com/tarantula-team/CVE-2019-12541 https://nvd.nist.gov https://github.com/tarantula-team/CVE-2019-12541 https://www.exploit-db.com/exploits/46964

CVE-2019-12541

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect