Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.

Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.