Unrated severityNVD Advisory· Published May 27, 2024· Updated Aug 2, 2024

Stored XSS Vulnerability

CVE-2024-27314

Description

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.

Affected products

Manageengine/Supportcenter Plusllm-fuzzy2 versions
<14720+ 1 more
- (no CPE)range: <14720
- (no CPE)range: 0
Zohocorp/Servicedesk Plusllm-fuzzy
Range: <14720
Zohocorp/ManageEngine ServiceDesk Plus MSPllm-fuzzy
Range: <14730

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

www.manageengine.com/products/service-desk/cve-2024-27314.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000