EIP-2026-119399

PRE-CVE

ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119399. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This advisory details multiple persistent XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.0, affecting both user and admin modules. The vulnerabilities allow remote attackers to inject malicious script code via parameters like 'Name', 'Subject', and 'Description'.

Description

ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappswindows

https://www.exploit-db.com/exploits/22879

View Code ZIP pw:eip

This advisory details multiple persistent XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.0, affecting both user and admin modules. The vulnerabilities allow remote attackers to inject malicious script code via parameters like 'Name', 'Subject', and 'Description'.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: ManageEngine ServiceDesk Plus 8.0

Auth required

Prerequisites: Low-privileged user account · User interaction to view injected content

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026