CVE-2024-27314 LOW

CVE-2024-27314: Stored XSS Vulnerability

Vendor ManageEngine
Product ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus
Weakness CWE-79 · XSS
Published May 27, 2024
Last update August 2, 2024

CVSS base score

2.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP versions below 14720, and SupportCenter Plus versions below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. The vulnerability can be exploited only by users with the SDAdmin role.

Key dates

02 Disclosure timeline

May 27, 2024 CVE published
August 2, 2024 Record updated