Dinh Vu

**Name of the Vulnerable Software and Affected Versions** ManageEngine ServiceDesk Plus versions below 14920 ManageEngine ServiceDesk Plus MSP versions below 14910 ManageEngine SupportCentre Plus versions below 14910 **Description** The issue concerns a Stored XSS vulnerability in the task feature. This allows for malicious scripts to be stored and executed when a user accesses the task, potentially leading to unauthorized actions or data theft. **Recommendations** For ManageEngine ServiceDesk Plus versions below 14920, update to a version equal to or above 14920 to resolve the issue. For ManageEngine ServiceDesk Plus MSP versions below 14910, update to a version equal to or above 14910 to resolve the issue. For ManageEngine SupportCentre Plus versions below 14910, update to a version equal to or above 14910 to resolve the issue. As a temporary workaround, consider restricting access to the task feature in the affected software until a patch is available.