CVE-2019-12538
MEDIUMZoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting via SiteLookup.do Search Field
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2019-12538. PoCs published by Vingroup, tarantula-team.
AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 via the SiteLookup.do endpoint. The attack vector involves injecting malicious JavaScript code through the qc_siteID parameter.
Description
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
Exploits (2)
This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 via the SiteLookup.do endpoint. The attack vector involves injecting malicious JavaScript code through the qc_siteID parameter.
The repository contains a functional XSS payload for CVE-2019-12538, targeting Zoho ManageEngine ServiceDesk Plus 9.3 via the SiteLookup.do endpoint. The payload exploits the qc_siteID parameter to trigger a cross-site scripting vulnerability.
References (2)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N