Lucene search
HistoryJul 28, 2023 - 2:15 a.m.
CVE-2023-38331
zoho manageengine
support center plus
stored xss
vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.008
Percentile
81.6%
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
Affected configurations
Node
zohocorpmanageengine_supportcenter_plusMatch8.08015
ORzohocorpmanageengine_supportcenter_plusMatch8.18100
ORzohocorpmanageengine_supportcenter_plusMatch8.18101
ORzohocorpmanageengine_supportcenter_plusMatch8.18102
ORzohocorpmanageengine_supportcenter_plusMatch8.18117
ORzohocorpmanageengine_supportcenter_plusMatch8.18118
ORzohocorpmanageengine_supportcenter_plusMatch8.18119
ORzohocorpmanageengine_supportcenter_plusMatch8.18121
ORzohocorpmanageengine_supportcenter_plusMatch11.011000
ORzohocorpmanageengine_supportcenter_plusMatch11.011024
ORzohocorpmanageengine_supportcenter_plusMatch11.011026
ORzohocorpmanageengine_supportcenter_plusMatch11.011027
ORzohocorpmanageengine_supportcenter_plusMatch14.014000
ORzohocorpmanageengine_supportcenter_plusMatch14.014001
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_supportcenter_plus | 8.0 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.0:8015:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8100:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8101:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8102:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8117:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8118:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8119:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 8.1 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:8121:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 11.0 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 11.0 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:* |
Related
nessus
nessus
ManageEngine SupportCenter Plus < 14.2 Build 14200
2023-11-15 00:00:00
prion
prion
Design/Logic Flaw
2023-07-28 02:15:00
cvelist
cvelist
CVE-2023-38331
2023-07-28 00:00:00
cve
cve
CVE-2023-38331
2023-07-28 02:15:10
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.008
Percentile
81.6%
Related for NVD:CVE-2023-38331