{"vulnerability": "cve-2019-15083", "sightings": [{"uuid": "042d197d-474d-40ac-8083-cf8e9b3a5d97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-15083", "type": "seen", "source": "https://t.me/cibsecurity/12066", "content": "ATTENTION\u203c New - CVE-2019-15083\n\nDefault installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At \"Asset Home > Server >  > software\" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-14T18:34:13.000000Z"}]}