2.4
CVE-2024-27314
- EPSS 2.6%
- Published 27.05.2024 07:15:09
- Last modified 17.06.2025 20:18:05
- Source 0fc0942c-577d-436f-ae8e-945763
- Teams watchlist Login
- Open Login
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Servicedesk Plus Version <= 14.6
Zohocorp ≫ Manageengine Servicedesk Plus Version14.7 Update14700
Zohocorp ≫ Manageengine Servicedesk Plus Version14.7 Update14710
Zohocorp ≫ Manageengine Servicedesk Plus Version14.7 Update14720
Zohocorp ≫ Manageengine Servicedesk Plus Msp Version <= 14.6
Zohocorp ≫ Manageengine Servicedesk Plus Msp Version14.7 Update14700
Zohocorp ≫ Manageengine Servicedesk Plus Msp Version14.7 Update14710
Zohocorp ≫ Manageengine Supportcenter Plus Version <= 14.6
Zohocorp ≫ Manageengine Supportcenter Plus Version14.7 Update14700
Zohocorp ≫ Manageengine Supportcenter Plus Version14.7 Update14710
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.6% | 0.851 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| 0fc0942c-577d-436f-ae8e-945763c79b02 | 2.4 | 0.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.