CVE-2023-23077 | SynScan

Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2023-23077

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.

Published: Feb 1, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-23077
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus	13.0-13000	13.0-13000.x
zohocorp / manageengine_servicedesk_plus	13.0-13001	13.0-13001.x
zohocorp / manageengine_servicedesk_plus	13.0-13002	13.0-13002.x
zohocorp / manageengine_servicedesk_plus	13.0-13003	13.0-13003.x
zohocorp / manageengine_servicedesk_plus	13.0-13004	13.0-13004.x
zohocorp / manageengine_servicedesk_plus	13.0-13005	13.0-13005.x
zohocorp / manageengine_servicedesk_plus	13.0-13006	13.0-13006.x
zohocorp / manageengine_servicedesk_plus	13.0-13007	13.0-13007.x
zohocorp / manageengine_servicedesk_plus	13.0-13009	13.0-13009.x
zohocorp / manageengine_servicedesk_plus	13.0-13010	13.0-13010.x
zohocorp / manageengine_servicedesk_plus	13.0-13008	13.0-13008.x
zohocorp / manageengine_servicedesk_plus	13.0	13.0.x
zohocorp / manageengine_servicedesk_plus	13.0-13011	13.0-13011.x
zohocorp / manageengine_servicedesk_plus	13.0-13012	13.0-13012.x