CVE-2021-20080
N/A
N/A
Summary
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | ManageEngine ServiceDesk Plus | Before 11200 | affected |
| n/a | ManageEngine AssetExplorer | Before 6800 | affected |
Weaknesses
- Unauthenticated Stored Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.