Zoho · Zoho Manageengine Servicedesk Plus · CVE-2023-49943
**Name of the Vulnerable Software and Affected Versions**
Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14504
**Description**
The issue allows stored XSS via a task's name in a time sheet, which can be exploited by a low-privileged technician.
**Recommendations**
For versions prior to 14504, update to version 14504 or later to resolve the issue. As a temporary workaround, consider restricting the ability of low-privileged technicians to input data into task names in time sheets until a patch is applied.