CVE-2024-50053

Summary

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

Affected Software

VendorProductVersion RangeStatus
ManageEngineServiceDesk Plus0 <= 14910affected
ManageEngineServiceDesk Plus MSP0 <= 14900affected
ManageEngineSupportCentre Plus0 <= 14900affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References