CVE-2024-50053 MEDIUM

CVE-2024-50053: Stored XSS

Vendor Manageengine
Product ServiceDesk Plus
Weakness CWE-79 · XSS
Published March 21, 2025
Last update May 5, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

What the vulnerability does

01Description

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

Key dates

02Disclosure timeline

March 21, 2025 CVE published
May 5, 2025 Record updated