HTML Injection and Stored XSS in Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109 via /ServiceContractDef.do contractName parameter
CVE-2018-16965 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
Learn more about our Web Application Penetration Testing UK.