CVE-2019-12189

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ServiceDesk Plus version 9.3

Description An issue was discovered in the software, where there is a cross-site scripting (XSS) vulnerability via the SearchN.do search field. This allows for potential malicious script execution.

Recommendations For Zoho ManageEngine ServiceDesk Plus version 9.3, consider restricting access to the SearchN.do search field until a patch is available. As a temporary workaround, avoid using the search field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.