What is the severity of CVE-2024-27314?

CVE-2024-27314 is classified as a stored XSS vulnerability that can potentially allow attackers to execute malicious scripts.

Who can exploit CVE-2024-27314?

Only users with the SDAdmin role can exploit CVE-2024-27314 to execute the stored XSS attack.

How do I fix CVE-2024-27314?

To fix CVE-2024-27314, upgrade to Zoho ManageEngine ServiceDesk Plus version 14730 or higher, ServiceDesk Plus MSP version 14720 or higher, or SupportCenter Plus version 14720 or higher.

What type of vulnerability is CVE-2024-27314?

CVE-2024-27314 is a stored cross-site scripting (XSS) vulnerability found in the Custom Actions menu.

Vulnerability/
CVE-2024-27314

low

2.4

CWE

27/5/2024

2/8/2024

CVE-2024-27314: Stored XSS Vulnerability

Q: Which products are affected by CVE-2024-27314?

CVE-2024-27314 affects Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720, and SupportCenter Plus below 14720.

First published: Mon May 27 2024(Updated: )

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.

Credit: 0fc0942c-577d-436f-ae8e-945763c79b02

Affected Software	Affected Version	How to fix
Zoho ManageEngine	<14730
ManageEngine ServiceDesk Plus	<14720
ManageEngine SupportCenter Plus	<14720

Never miss a vulnerability like this again

Reference Links

https://www.manageengine.com/products/service-desk/cve-2024-27314.html

Frequently Asked Questions

What is the severity of CVE-2024-27314?
CVE-2024-27314 is classified as a stored XSS vulnerability that can potentially allow attackers to execute malicious scripts.
Who can exploit CVE-2024-27314?
Only users with the SDAdmin role can exploit CVE-2024-27314 to execute the stored XSS attack.
How do I fix CVE-2024-27314?
To fix CVE-2024-27314, upgrade to Zoho ManageEngine ServiceDesk Plus version 14730 or higher, ServiceDesk Plus MSP version 14720 or higher, or SupportCenter Plus version 14720 or higher.
Which products are affected by CVE-2024-27314?
CVE-2024-27314 affects Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720, and SupportCenter Plus below 14720.
What type of vulnerability is CVE-2024-27314?
CVE-2024-27314 is a stored cross-site scripting (XSS) vulnerability found in the Custom Actions menu.

agent/title
agent/references
agent/type
agent/first-publish-date
agent/author
agent/severity
agent/description
agent/weakness
agent/event
collector/nvd-api
source/NVD
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/zoho
canonical/zoho manageengine
canonical/manageengine servicedesk plus
canonical/manageengine supportcenter plus

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.