CVE-2019-12189 - Zoho ManageEngine ServiceDesk Plus 9.3 XSS vulnerability
Latest commit 4d7efd2 May 20, 2019

Information

Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.

Researcher: Enter of VinCSS (Vingroup)

Proof-of-concept

The vulnerability stems from the handling of both single quotes and semicolons in the query string of the URL.

Payload: ';alert('XSS');'

Attack vector: http:///SearchN.do
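The page does not show how SearchN.do embeds the search field in its response. The added example below (not code from the researcher or from ServiceDesk Plus) assumes the value is reflected inside a single-quoted JavaScript string literal, which matches the shape of the payload, and contrasts raw concatenation with output escaping; the function names and the template are hypothetical.

```javascript
// Added illustration; the template is constructed, not ServiceDesk Plus code.
// Assumption: the search term lands inside a single-quoted JavaScript string
// literal in an inline script.

const PAYLOAD = "';alert('XSS');'"; // payload string quoted on this page

// Weak form: the term is concatenated into the literal unchanged, so a single
// quote closes the string and a semicolon starts a new statement.
function renderUnsafe(term) {
  return "var searchText = '" + term + "';";
}

// Hardened form: every character outside [A-Za-z0-9] becomes a \uXXXX escape.
// Quotes and semicolons can no longer end the literal or the statement, and
// "<" and "/" can no longer form a closing script tag for the HTML parser.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderSafe(term) {
  return "var searchText = '" + jsStringEscape(term) + "';";
}

// Evaluate a rendered statement with a stubbed alert() to observe whether the
// term stayed data (returned as the variable's value) or ran as code.
function run(statement) {
  const alerts = [];
  const body = statement + "\nreturn searchText;";
  const value = new Function("alert", body)((msg) => alerts.push(msg));
  return { value, alerts };
}

const unsafeResult = run(renderUnsafe(PAYLOAD));
const safeResult = run(renderSafe(PAYLOAD));

console.log(renderUnsafe(PAYLOAD)); // three statements instead of one
console.log("unsafe alerts:", unsafeResult.alerts);
console.log(renderSafe(PAYLOAD));
console.log("safe alerts:", safeResult.alerts, "value:", safeResult.value);
```

The same escaping has to be applied at every place the search term is written into script context; HTML-entity encoding alone does not protect a value placed inside a JavaScript string.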
