Zenworks Service Desk

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-3278 HIGH This Week

OpenText ZENworks Service Desk contains an improper input neutralization vulnerability (CWE-79 Cross-Site Scripting) that allows attackers to inject and execute arbitrary JavaScript in the context of a user's browser session. Affected versions are 25.2 and 25.3. Successful exploitation enables unauthorized actions on behalf of the user, including session hijacking, credential theft, or lateral movement within the service desk application.

XSS Zenworks Service Desk

NVD VulDB

CVSS 4.0

7.4

EPSS

0.0%

CVE-2026-3278

EPSS 0% CVSS 7.4

HIGH This Week

OpenText ZENworks Service Desk contains an improper input neutralization vulnerability (CWE-79 Cross-Site Scripting) that allows attackers to inject and execute arbitrary JavaScript in the context of a user's browser session. Affected versions are 25.2 and 25.3. Successful exploitation enables unauthorized actions on behalf of the user, including session hijacking, credential theft, or lateral movement within the service desk application.

XSS Zenworks Service Desk

NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy