Lucene search
MitreCVE-2023-38331HistoryJul 28, 2023 - 2:15 a.m.
CVE-2023-38331
2023-07-2802:15:10
CWE-79
mitre
web.nvd.nist.gov
28
zoho
manageengine
support center plus
14001
vulnerability
stored xss
products module
nvd
cve-2023-38331
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.2
Confidence
High
EPSS
0.008
Percentile
81.6%
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
Affected configurations
Node
zohocorpmanageengine_supportcenter_plusMatch8.08015
ORzohocorpmanageengine_supportcenter_plusMatch8.18100
ORzohocorpmanageengine_supportcenter_plusMatch8.18101
ORzohocorpmanageengine_supportcenter_plusMatch8.18102
ORzohocorpmanageengine_supportcenter_plusMatch8.18117
ORzohocorpmanageengine_supportcenter_plusMatch8.18118
ORzohocorpmanageengine_supportcenter_plusMatch8.18119
ORzohocorpmanageengine_supportcenter_plusMatch8.18121
ORzohocorpmanageengine_supportcenter_plusMatch11.011000
ORzohocorpmanageengine_supportcenter_plusMatch11.011024
ORzohocorpmanageengine_supportcenter_plusMatch11.011026
ORzohocorpmanageengine_supportcenter_plusMatch11.011027
ORzohocorpmanageengine_supportcenter_plusMatch14.014000
ORzohocorpmanageengine_supportcenter_plusMatch14.014001
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_supportcenter_plus | 8.0 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.0:8015:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8100:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8101:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8102:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8117:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8118:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8119:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8121:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 11.0 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 11.0 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:* |
Related
nessus
nessus
ManageEngine SupportCenter Plus < 14.2 Build 14200
2023-11-15 00:00:00
prion
prion
Design/Logic Flaw
2023-07-28 02:15:00
cvelist
cvelist
CVE-2023-38331
2023-07-28 00:00:00
nvd
nvd
CVE-2023-38331
2023-07-28 02:15:10
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.2
Confidence
High
EPSS
0.008
Percentile
81.6%
Related for CVE-2023-38331