CVE-2019-12543 Zoho ManageEngine ServiceDesk Plus 93 XSS vulnerability in PurchaseRequestdo
Information Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 93 There is XSS via the PurchaseRequestdo serviceRequestId parameter
Author: Concobe of Tarantula Team - VinCSS (a member of Vingroup)
Payload
domain/PurchaseRequestdo?operation=getAssociatedPrs