What is the severity of CVE-2024-50053?

CVE-2024-50053 is classified as a moderate severity vulnerability due to its impact on user data via stored XSS.

How do I fix CVE-2024-50053?

To fix CVE-2024-50053, upgrade to ManageEngine ServiceDesk Plus version 14920 or later, or to version 14910 for ServiceDesk Plus MSP and SupportCentre Plus.

What products are affected by CVE-2024-50053?

CVE-2024-50053 affects ManageEngine ServiceDesk Plus versions below 14920, and ServiceDesk Plus MSP and SupportCentre Plus versions below 14910.

What is a stored XSS vulnerability in CVE-2024-50053?

Stored XSS in CVE-2024-50053 allows attackers to inject malicious scripts that are permanently stored on the server and can be executed in users' browsers.

Is user data at risk due to CVE-2024-50053?

Yes, user data is at risk due to the potential for attackers to exploit the stored XSS vulnerability in CVE-2024-50053.

Vulnerability/
CVE-2024-50053

medium

6.3

CWE

21/3/2025

5/5/2025

CVE-2024-50053: Stored XSS

First published: Fri Mar 21 2025(Updated: )

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

Credit: 0fc0942c-577d-436f-ae8e-945763c79b02

Affected Software	Affected Version	How to fix
ManageEngine ServiceDesk Plus	<14920
ManageEngine ServiceDesk Plus MSP	<14910
Zoho SupportCenter Plus	<14910
ManageEngine ServiceDesk Plus	<14.9
ManageEngine ServiceDesk Plus	=14.9
ManageEngine ServiceDesk Plus	=14.9-14910
ManageEngine ServiceDesk Plus MSP	<14.9
ManageEngine ServiceDesk Plus MSP	=14.9-14900
Zoho ManageEngine SupportCenter Plus	<14.9
Zoho ManageEngine SupportCenter Plus	=14.9-14900

Never miss a vulnerability like this again

Reference Links

https://www.manageengine.com/products/service-desk/CVE-2024-50053.html

Frequently Asked Questions

What is the severity of CVE-2024-50053?
CVE-2024-50053 is classified as a moderate severity vulnerability due to its impact on user data via stored XSS.
How do I fix CVE-2024-50053?
To fix CVE-2024-50053, upgrade to ManageEngine ServiceDesk Plus version 14920 or later, or to version 14910 for ServiceDesk Plus MSP and SupportCentre Plus.
What products are affected by CVE-2024-50053?
CVE-2024-50053 affects ManageEngine ServiceDesk Plus versions below 14920, and ServiceDesk Plus MSP and SupportCentre Plus versions below 14910.
What is a stored XSS vulnerability in CVE-2024-50053?
Stored XSS in CVE-2024-50053 allows attackers to inject malicious scripts that are permanently stored on the server and can be executed in users' browsers.
Is user data at risk due to CVE-2024-50053?
Yes, user data is at risk due to the potential for attackers to exploit the stored XSS vulnerability in CVE-2024-50053.

collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/title
agent/description
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/author
agent/source
agent/last-modified-date
agent/severity
agent/event
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/zohocorp
canonical/manageengine servicedesk plus
canonical/manageengine servicedesk plus msp
canonical/zoho supportcenter plus
version/manageengine servicedesk plus/14.9
version/manageengine servicedesk plus/14.9-14910
version/manageengine servicedesk plus msp/14.9-14900
canonical/zoho manageengine supportcenter plus
version/zoho manageengine supportcenter plus/14.9-14900

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.