CVE-2023-37308: XSS
First published: Fri Jul 07 2023(Updated: )
Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoho ManageEngine ADAudit Plus | <7.0 | |
| Zoho ManageEngine ADAudit Plus | =7.0 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7000 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7002 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7003 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7004 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7005 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7006 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7007 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7008 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7050 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7051 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7052 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7053 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7054 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7055 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7060 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7062 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7063 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7065 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7080 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7081 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7082 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7090 | |
| Zoho ManageEngine ADAudit Plus | =7.0-7091 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-37308?
CVE-2023-37308 is a vulnerability in Zoho ManageEngine ADAudit Plus that allows cross-site scripting (XSS) attacks via the username field.
How severe is CVE-2023-37308?
CVE-2023-37308 has a severity rating of 5.4, which is considered medium.
How does CVE-2023-37308 affect Zoho ManageEngine ADAudit Plus?
CVE-2023-37308 affects Zoho ManageEngine ADAudit Plus versions before 7100 and allows XSS attacks through the username field.
What is the Common Vulnerabilities and Exposures (CVE) identifier for this vulnerability?
The Common Vulnerabilities and Exposures (CVE) identifier for this vulnerability is CVE-2023-37308.
Is there a fix available for CVE-2023-37308?
Yes, the fix for CVE-2023-37308 is to update Zoho ManageEngine ADAudit Plus to version 7100 or later.
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/zoho manageengine adaudit plus
- version/zoho manageengine adaudit plus/7.0
- version/zoho manageengine adaudit plus/7.0-7000
- version/zoho manageengine adaudit plus/7.0-7002
- version/zoho manageengine adaudit plus/7.0-7003
- version/zoho manageengine adaudit plus/7.0-7004
- version/zoho manageengine adaudit plus/7.0-7005
- version/zoho manageengine adaudit plus/7.0-7006
- version/zoho manageengine adaudit plus/7.0-7007
- version/zoho manageengine adaudit plus/7.0-7008
- version/zoho manageengine adaudit plus/7.0-7050
- version/zoho manageengine adaudit plus/7.0-7051
- version/zoho manageengine adaudit plus/7.0-7052
- version/zoho manageengine adaudit plus/7.0-7053
- version/zoho manageengine adaudit plus/7.0-7054
- version/zoho manageengine adaudit plus/7.0-7055
- version/zoho manageengine adaudit plus/7.0-7060
- version/zoho manageengine adaudit plus/7.0-7062
- version/zoho manageengine adaudit plus/7.0-7063
- version/zoho manageengine adaudit plus/7.0-7065
- version/zoho manageengine adaudit plus/7.0-7080
- version/zoho manageengine adaudit plus/7.0-7081
- version/zoho manageengine adaudit plus/7.0-7082
- version/zoho manageengine adaudit plus/7.0-7090
- version/zoho manageengine adaudit plus/7.0-7091