CVE-2023-23078

Published: Feb 1, 2023
Updated: Apr 14, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-23078" target="_blank" rel="noopener"> CVE-2023-23078
Severity: Medium
Exploit:

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus	14.0-14000	14.0-14000.x
zohocorp / manageengine_servicedesk_plus	14.0	14.0.x
zohocorp / manageengine_servicedesk_plus	14.0-14001	14.0-14001.x
zohocorp / manageengine_servicedesk_plus	14.0-14002	14.0-14002.x
zohocorp / manageengine_servicedesk_plus	14.0-14003	14.0-14003.x
zohocorp / manageengine_servicedesk_plus	14.0-14004	14.0-14004.x
zohocorp / manageengine_servicedesk_plus	14.0-14005	14.0-14005.x
zohocorp / manageengine_servicedesk_plus	14.0-14006	14.0-14006.x