Vulnerability Database


CVE-2019-15083

Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the ManageEngine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software", the administrator of ManageEngine can control what software is installed on the workstation. The table on that page shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code that executes when the ManageEngine administrator views the page.

  • Published: May 14, 2020
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-15083
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

| Software | From | Fixed in |
|---|---|---|
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10021 | 10.0.0-10021.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10020 | 10.0.0-10020.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10019 | 10.0.0-10019.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10018 | 10.0.0-10018.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10017 | 10.0.0-10017.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10016 | 10.0.0-10016.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10015 | 10.0.0-10015.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10014 | 10.0.0-10014.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10013 | 10.0.0-10013.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10012 | 10.0.0-10012.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10011 | 10.0.0-10011.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10010 | 10.0.0-10010.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10009 | 10.0.0-10009.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10008 | 10.0.0-10008.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10007 | 10.0.0-10007.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10006 | 10.0.0-10006.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10005 | 10.0.0-10005.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10004 | 10.0.0-10004.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10003 | 10.0.0-10003.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10002 | 10.0.0-10002.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10001 | 10.0.0-10001.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0-10000 | 10.0.0-10000.x |
| zohocorp / manageengine_servicedesk_plus | 10.0.0 | 10.0.0.x |