Test ID:	1.3.6.1.4.1.25623.1.0.902469
Category:	Web application abuses
Title:	ManageEngine ServiceDesk Plus < 8.0 Build 8015 Multiple Stored XSS Vulnerabilities
Summary:	ManageEngine ServiceDesk Plus is prone to multiple stored; cross-site scripting (XSS) vulnerabilities.
Description:	Summary: ManageEngine ServiceDesk Plus is prone to multiple stored cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: Multiple flaws are due to an error in, - 'WorkOrder.do', 'Problems.cc', 'AddNewProblem.cc', 'ChangeDetails.c' when processing the 'reqName' parameter. - 'WorkOrder.do' when processing the various parameters. - 'AddSolution.do' when handling add action via ' keywords' and 'comment' parameters. - 'ContractDef.do' when processing the 'supportDetails', 'contractName' and 'comments' parameters. - 'VendorDef.do' and 'MarkUnavailability.jsp' hen processing the 'organizationName' and 'COMMENTS' parameters. - 'HomePage.do', 'MySchedule.do', and 'WorkOrder.d' when handling the HTTP header elements 'referer' and 'accept-language'. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentications and launch further attacks. Affected Software/OS: ManageEngine ServiceDesk Plus 8.0 Build 8013 and prior. Solution: Upgrade to ManageEngine ServiceDesk Plus 8.0 Build 8015 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.