First published: Wed Feb 01 2023(Updated: )
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp Manageengine Servicedesk Plus | =14.0 | |
Zohocorp Manageengine Servicedesk Plus | =14.0-14000 | |
Zohocorp Manageengine Servicedesk Plus | =14.0-14001 | |
Zohocorp Manageengine Servicedesk Plus | =14.0-14002 | |
Zohocorp Manageengine Servicedesk Plus | =14.0-14003 | |
Zohocorp Manageengine Servicedesk Plus | =14.0-14004 | |
Zohocorp Manageengine Servicedesk Plus | =14.0-14005 | |
Zohocorp Manageengine Servicedesk Plus | =14.0-14006 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-23078 is a Cross Site Scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14.
CVE-2023-23078 occurs when the comment field is used to change credentials in the Assets of Zoho ManageEngine ServiceDesk Plus 14.
CVE-2023-23078 has a severity level of medium.
To fix CVE-2023-23078, users should update to a patched version of Zoho ManageEngine ServiceDesk Plus 14.
More information about CVE-2023-23078 can be found at the following references: [Reference 1](https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator) and [Reference 2](https://www.manageengine.com/products/service-desk/CVE-2023-23078.html).