PT-2024-6653 · Zoho · Manageengine Endpoint Central+2

Jayateertha Guruprasad · Published 2024-06-30 · Updated 2024-08-30 · CVE-2024-38869

CVSS v2.0: 8.7 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions:
- Zoho ManageEngine ServiceDesk Plus versions prior to 14.8.20
- Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14.8.20
- Zoho ManageEngine SupportCenter Plus versions prior to 14.8.20
- Zoho ManageEngine Endpoint Central versions prior to 11.3.2416.04 and prior to 11.3.2400.25

Description: The issue is related to a stored cross-site scripting vulnerability due to authorization mechanism weaknesses. This can allow a remote attacker to conduct an XSS attack.

Recommendations:
- For Zoho ManageEngine ServiceDesk Plus versions prior to 14.8.20, update to version 14.8.20 or later to resolve the issue.
- For Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14.8.20, update to version 14.8.20 or later to resolve the issue.
- For Zoho ManageEngine SupportCenter Plus versions prior to 14.8.20, update to version 14.8.20 or later to resolve the issue.
- For Zoho ManageEngine Endpoint Central versions prior to 11.3.2416.04 and prior to 11.3.2400.25, update to version 11.3.2416.04 or version 11.3.2400.25 or later to resolve the issue.

Fix

Incorrect Authorization

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-07855
CVE-2024-38869

Affected Products

Manageengine Endpoint Central
Zoho Manageengine Servicedesk Plus
Zoho Manageengine Supportcenter Plus