CVE-2019-12189 - Zoho ManageEngine ServiceDesk Plus 9.3 XSS vulnerability
Information Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
Researcher: Enter of VinCSS (Vingroup)
The vulnerability stems from improper handling of single quotes and semicolons in the query string of the URL.
Payload: ';alert('XSS');'
Attack vector: http:///SearchN.do
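
The following is an added example, not code from the advisory or from ServiceDesk Plus: a regression check showing why raw concatenation of the search term fails on the payload above and how JavaScript-string output encoding neutralizes it. It assumes the term is reflected into a single-quoted JavaScript string in an inline script (the advisory does not show the template); `searchText`, `renderNaive`, `renderEncoded`, `jsStringEncode` and `evaluate` are hypothetical names.

```javascript
// Added example. Assumption: the search term lands inside a single-quoted
// JavaScript string in an inline script; the advisory does not show the template.
const PAYLOAD = "';alert('XSS');'"; // payload quoted in the advisory

// Vulnerable pattern: raw concatenation lets a quote end the literal early.
function renderNaive(term) {
  return "var searchText = '" + term + "';";
}

// JavaScript-string output encoding: every UTF-16 code unit outside
// [A-Za-z0-9] becomes \uXXXX, so quotes, semicolons, backslashes, newlines
// and "</script>" can never terminate the literal or the script element.
function jsStringEncode(value) {
  const s = String(value);
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    const alnum = (c >= 48 && c <= 57) || (c >= 65 && c <= 90) || (c >= 97 && c <= 122);
    out += alnum ? s[i] : "\\u" + c.toString(16).padStart(4, "0");
  }
  return out;
}

function renderEncoded(term) {
  return "var searchText = '" + jsStringEncode(term) + "';";
}

// Regression harness: run the rendered script with a stub alert() and report
// whether injected code executed and what string the page actually received.
function evaluate(scriptBody) {
  const calls = [];
  const run = new Function("alert", scriptBody + "\nreturn searchText;");
  const value = run((msg) => { calls.push(msg); });
  return { calls, value };
}

const naive = evaluate(renderNaive(PAYLOAD));
const encoded = evaluate(renderEncoded(PAYLOAD));
console.log("naive:  ", renderNaive(PAYLOAD), "-> alert calls:", naive.calls.length);
console.log("encoded:", renderEncoded(PAYLOAD), "-> alert calls:", encoded.calls.length);
console.log("encoded value round-trips:", encoded.value === PAYLOAD);
```

The same check can be kept as a unit test around whatever encoder the application actually uses for values written into script context.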