Vulnerability Description
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Servicedesk Plus | <= 14.6 |
| Zohocorp | Manageengine Servicedesk Plus Msp | <= 14.6 |
| Zohocorp | Manageengine Supportcenter Plus | <= 14.6 |
Related Weaknesses (CWE)
References
- https://www.manageengine.com/products/service-desk/cve-2024-27314.htmlVendor Advisory
- https://www.manageengine.com/products/service-desk/cve-2024-27314.htmlVendor Advisory
FAQ
What is CVE-2024-27314?
CVE-2024-27314 is a vulnerability with a CVSS score of 2.4 (LOW). Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request deta...
How severe is CVE-2024-27314?
CVE-2024-27314 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-27314?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Servicedesk Plus, Zohocorp Manageengine Servicedesk Plus Msp, Zohocorp Manageengine Supportcenter Plus.