Vulnerability Details CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.4%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-49943
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:-
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.5