Vulnerability Details CVE-2021-46065
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.212
EPSS Ranking 95.4%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md
- https://www.manageengine.com/products/service-desk/on-premises/readme.html
- https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md
- https://www.manageengine.com/products/service-desk/on-premises/readme.html
Products affected by CVE-2021-46065
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3