CVE-2021-20080

Published: 2021-04-09T18:15Z

Last Modified: 2024-11-21T05:45Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt