Stored XSS Vulnerability in Zoho ManageEngine Support Center Plus
CVE-2023-38331

5.4MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Supportcenter Plus
Vendor: CVE Published:; 28 July 2023

What is CVE-2023-38331?

Zoho ManageEngine Support Center Plus versions 14001 and earlier are susceptible to a stored XSS vulnerability within the products module. This vulnerability allows attackers to inject malicious scripts that can be executed when other users access the affected module, potentially compromising user data and system integrity. It is crucial for users to implement security measures and apply updates to mitigate the risks associated with this flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://manageengine.com

https://www.manageengine.com/products/service-desk/CVE-20...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 28, 2023
Vulnerability Reserved
Jul 14, 2023

JSON

Zohocorp

What is CVE-2023-38331?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.