CVE-2018-5799: XSS
First published: Fri Mar 30 2018(Updated: )
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Servicedesk Plus | <9403 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-5799.
What is the severity of CVE-2018-5799?
The severity of CVE-2018-5799 is medium (6.1).
How does CVE-2018-5799 affect Zoho ManageEngine ServiceDesk Plus?
CVE-2018-5799 affects Zoho ManageEngine ServiceDesk Plus versions before 9403.
What is the CWE ID of CVE-2018-5799?
The CWE ID of CVE-2018-5799 is CWE-79.
How can I fix the XSS issue associated with CVE-2018-5799?
To fix the XSS issue associated with CVE-2018-5799, update Zoho ManageEngine ServiceDesk Plus to version 9403 or later.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine servicedesk plus