This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote web server hosts an application that may be affected by
several cross-site scripting vulnerabilities.
The remote host contains ManageEngine ServiceDesk Plus version 8.0.0
prior to build 8015. It is thus potentially affected by multiple
cross-site scripting vulnerabilities. The following pages do not
properly sanitize input passed to the listed parameters :
- Page : 'AddSolution.do'
  Parameters : 'comments' and 'keywords'
- Page : 'AnnounceShow.do'
  Parameter : 'select'
- Pages : 'AddNewProblem.cc', 'ChangeDetails.cc'
  Parameter : 'reqName'
- Page : 'calendar/MiniCalendar.jsp'
  Parameter : 'module'
- Pages : 'HomePage.do' and 'jsp/ServiceCatalog.jsp'
  Parameter : 'serviceID'
- Page : 'WorkOrder.do'
  Parameters : 'attach', 'category', 'description',
  'level', 'reqName' and 'title'.
See also :
Solution :
Upgrade to ManageEngine ServiceDesk Plus version 8.0.0 build 8015 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 57371
Bugtraq ID: 49291