EIP-2026-102500

PRE-CVE

ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102500. PoCs published by Narendra Shinde.

AI-analyzed exploit summary This advisory details multiple persistent XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.0 Build 8013, where user-supplied input via parameters like 'Name', 'Site name', and 'Group Name' is not properly sanitized, allowing arbitrary script execution in the context of the targeted site.

Description

ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Narendra Shinde · textwebappsjsp

https://www.exploit-db.com/exploits/17586

View Code ZIP pw:eip

This advisory details multiple persistent XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.0 Build 8013, where user-supplied input via parameters like 'Name', 'Site name', and 'Group Name' is not properly sanitized, allowing arbitrary script execution in the context of the targeted site.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ManageEngine ServiceDesk Plus 8.0 Build 8013

Auth required

Prerequisites: Authenticated access to the application · User interaction to trigger the XSS payload

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026