Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Zoho
Manageengine Servicedesk Plus
Manageengine Servicedesk Plus Msp
Manageengine Supportcenter Plus
NVD
CVSS 3.1
2.4
EPSS
1.9%