National Cyber Warfare Foundation (NCWF)

CVE-2019-15083
0 user ratings		2019-08-15 00:00:00
milo
CVEs
 - archive -- 

CVE-2019-15083

Date: 2019-08-15

Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.



References:


Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
CVEs


Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.