OpenText ZENworks Service Desk Cross-Site Scripting Vulnerability
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in OpenText ZENworks Service Desk versions 25.2 and 25.3. This issue arises from improper input neutralization during web page generation, allowing attackers to execute arbitrary JavaScript. Such execution could lead to unauthorized actions being performed on behalf of the user.
Impact
Exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript in the context of the affected application, potentially leading to unauthorized actions on behalf of the user.
Remediation
Users on ZENworks Service Desk version 25.3 should apply the product patches available through the Online Update channel. Those on version 25.2 should apply the product patches available on the SLD portal. Alternatively, ZENworks Service Desk can be upgraded to version 25.4.0 or higher.
