Persistent Cross-Site Scripting (XSS) Vulnerability in ManageEngine ServiceDesk Plus and AssetExplorer

Persistent Cross-Site Scripting (XSS) Vulnerability in ManageEngine ServiceDesk Plus and AssetExplorer

CVE-2021-20080 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.

Learn more about our Web Application Penetration Testing UK.