CVE-2019-12189: XSS
First published: Tue May 21 2019(Updated: )
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Servicedesk Plus | =9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-12189.
What is the severity of CVE-2019-12189?
The severity of CVE-2019-12189 is medium.
What is the affected software for CVE-2019-12189?
The affected software for CVE-2019-12189 is Zoho ManageEngine ServiceDesk Plus version 9.3.
How does CVE-2019-12189 work?
CVE-2019-12189 allows attackers to perform cross-site scripting (XSS) attacks via the SearchN.do search field in Zoho ManageEngine ServiceDesk Plus 9.3.
Is there a fix for CVE-2019-12189?
Yes, it is recommended to upgrade to a newer version of Zoho ManageEngine ServiceDesk Plus that does not contain the vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine servicedesk plus
- version/zohocorp manageengine servicedesk plus/9.3