Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine ServiceDesk Plus 跨站脚本漏洞
Vulnerability Description
ZOHO ManageEngine ServiceDesk Plus是美国卓豪(ZOHO)公司的一套基于ITIL架构的IT服务管理软件(ITSM)。该软件集成了事件管理、问题管理、资产管理、IT项目管理、采购与合同管理等功能模块。 ManageEngine ServiceDesk Plus 11200之前版本和ManageEngine AssetExplorer 6800之前版本存在跨站脚本漏洞,该漏洞允许远程、未经身份验证的攻击者通过上传精心制作的XML资产文件进行持久跨站脚本(XSS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A