HTML Injection and Stored XSS in Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109 via /ServiceContractDef.do contractName parameter

HTML Injection and Stored XSS in Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109 via /ServiceContractDef.do contractName parameter

CVE-2018-16965 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.

Learn more about our Web Application Penetration Testing UK.