Test ID:	1.3.6.1.4.1.25623.1.0.801962
Category:	Web application abuses
Title:	ManageEngine ServiceDesk Plus < 8.0 Build 8013 Multiple XSS Vulnerabilities
Summary:	ManageEngine ServiceDesk Plus is prone to multiple cross-site; scripting (XSS) vulnerabilities.
Description:	Summary: ManageEngine ServiceDesk Plus is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: Multiple flaws are due to an error in, - 'SetUpWizard.do' when handling configuration wizard (add new technician) action via 'Name' parameter. - 'SiteDef.do' when handling add a new site action via 'Site name' parameter. - 'GroupResourcesDef.do' when handling add a create group action via 'Group Name' parameter. - 'LicenseAgreement.do' when handling add a new license agreement action via 'Agreement Number' parameter. - 'ManualNodeAddition.do' when handling server configuration (computer) action via 'Name' parameter. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentications and launch further attacks. Affected Software/OS: ManageEngine ServiceDesk Plus 8.0 Build 8013 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.