Vulnerability Monitor

Type: Primary CWE-79
Type: Secondary CWE-79

The vendors, products, and vulnerabilities you care about

CVE-2023-49943

Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.

2024-01-18T19:15:09.340

2025-06-02T15:15:23.877

Modified

CVSSv3.1: 5.4 (MEDIUM)

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zohocorp	manageengine_servicedesk_plus_msp	< 14.5	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	14.5	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	14.5	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	14.5	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	14.5	Yes