Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ManageEngine Service Desk Plus 多个跨站脚本漏洞
Vulnerability Description
ZOHO ManageEngine ServiceDesk是美国卓豪(ZOHO)公司的一套基于web的帮助台(HelpDesk)和资产管理软件。 ManageEngine Service Desk Plus中存在多个跨站脚本漏洞,这些漏洞源于对用户提供的输入数据未经充分的验证。攻击者利用这些漏洞在受影响站点上下文中运行恶意的HTML或JavaScript代码,窃取基于cookie的认证证书并控制站点传达给用户的方式,也可能存在其他攻击。ManageEngine Service Desk Plus 8.1版
CVSS Information
N/A
Vulnerability Type
N/A