CVE-2018-16965

In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*

Information

Published : 2018-09-21 10:29

Updated : 2018-11-09 09:52


NVD link : CVE-2018-16965

Mitre link : CVE-2018-16965


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_supportcenter_plus