Vulnerability Details CVE-2020-6843
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.2%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2020/Jan/32
- https://sec-consult.com/en/vulnerability-lab/advisories/index.html
- https://seclists.org/bugtraq/2020/Jan/34
- https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959
- http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2020/Jan/32
- https://sec-consult.com/en/vulnerability-lab/advisories/index.html
- https://seclists.org/bugtraq/2020/Jan/34
- https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959
Products affected by CVE-2020-6843
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:-
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4