CVE-2021-20080

Publication date

2021-04-09 17:21:07

Family

tenable

State

PUBLISHED

Description

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.