Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated malicious user to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|