Stored XSS Vulnerability in Zoho ManageEngine Support Center Plus
CVE-2023-38331

5.4MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Supportcenter Plus
Vendor: CVE Published:; 28 July 2023

What is CVE-2023-38331?

Zoho ManageEngine Support Center Plus versions 14001 and earlier are susceptible to a stored XSS vulnerability within the products module. This vulnerability allows attackers to inject malicious scripts that can be executed when other users access the affected module, potentially compromising user data and system integrity. It is crucial for users to implement security measures and apply updates to mitigate the risks associated with this flaw.

References

https://manageengine.com

https://www.manageengine.com/products/service-desk/CVE-20...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2023
Vulnerability Reserved
Jul 14, 2023

Zohocorp

What is CVE-2023-38331?

References

CVSS V3.1

Timeline