CVE-2024-50053

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50053

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

Z

ohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

References
Link Resource
https://www.manageengine.com/products/service-desk/CVE-2024-50053.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.9:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.9:14910:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.9:14900:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_supportcentre_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_supportcentre_plus:14.9:14900:*:*:*:*:*:*
History

27 Mar 2025, 13:10

Type Values Removed Values Added
First Time Zohocorp
Zohocorp manageengine Supportcentre Plus
Zohocorp manageengine Servicedesk Plus
Zohocorp manageengine Servicedesk Plus Msp
Summary
  • (es) Las versiones de Zohocorp ManageEngine ServiceDesk Plus anteriores a 14920, ServiceDesk Plus MSP y SupportCentre Plus anteriores a 14910 son vulnerables a XSS almacenado en la función de tareas.
CPE cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.9:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.9:14900:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.9:14910:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_supportcentre_plus:14.9:14900:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_supportcentre_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*
References () https://www.manageengine.com/products/service-desk/CVE-2024-50053.html - () https://www.manageengine.com/products/service-desk/CVE-2024-50053.html - Vendor Advisory

21 Mar 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-21 06:15

Updated : 2025-03-27 13:10

NVD link : CVE-2024-50053

Mitre link : CVE-2024-50053

CVE.ORG link : CVE-2024-50053

JSON object : View

Products Affected

zohocorp

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')