Skip to main content

Manageengine Servicedesk Plus CVE-2024-50053

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2025-03-21 0fc0942c-577d-436f-ae8e-945763c79b02
6.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:32 vuln.today
CVE Published
Mar 21, 2025 - 06:15 nvd
MEDIUM 6.3

DescriptionCVE.org

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

AnalysisAI

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. Affected products include: Zohocorp Manageengine Servicedesk Plus, Zohocorp Manageengine Servicedesk Plus Msp, Zohocorp Manageengine Supportcentre Plus.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2021-44077 CRITICAL POC
9.8 Nov 29

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014

CVE-2021-37415 CRITICAL POC
9.8 Sep 01

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs w

CVE-2019-8394 MEDIUM POC
6.5 Feb 17

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via l

CVE-2019-15046 HIGH POC
7.5 Aug 14

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over

CVE-2021-20081 HIGH POC
7.2 Jun 10

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticate

CVE-2020-13154 MEDIUM POC
6.5 May 18

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Pro

CVE-2021-20080 MEDIUM POC
6.1 Apr 09

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer be

CVE-2019-12540 MEDIUM POC
6.1 Jul 11

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. Rated medium severity (CVSS 6.1), this vulnerability

CVE-2019-12539 MEDIUM POC
6.1 Jul 11

An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. Rated medium severity (CVSS 6.1

CVE-2019-12543 MEDIUM POC
6.1 Jun 05

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability

CVE-2019-12542 MEDIUM POC
6.1 Jun 05

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability

CVE-2019-12541 MEDIUM POC
6.1 Jun 05

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability

Share

CVE-2024-50053 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy