XSS in Manageengine Servicedesk Plus
CVE-2024-41150
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: t…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.012 (64.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N.
Affected products
- Manageengine Servicedesk Plus — versions 0
- Manageengine Servicedesk Plus Msp — versions 0
- Manageengine Supportcenter Plus — versions 0
- Zohocorp Manageengine_servicedesk_plus — versions 14.8
- Zohocorp Manageengine_servicedesk_plus_msp — versions 14.8
- Zohocorp Manageengine_supportcenter_plus — versions 14.8
Weakness classification (CWE)
References
- 0fc0942c-577d-436f-ae8e-945763c79b02 (Vendor Advisory)
Frequently asked questions
- What is CVE-2024-41150?
- CVE-2024-41150 is a medium-severity vulnerability in Manageengine Servicedesk Plus, classified under Cross-site Scripting. CVSS score: 6.3/10. Published 2024-08-23.
- How severe is CVE-2024-41150?
- Medium severity. CVSS v3 base score is 6.3 out of 10.