CVE-2023-38331: XSS
First published: Fri Jul 28 2023(Updated: )
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Supportcenter Plus | =8.0-8015 | |
| Zohocorp Manageengine Supportcenter Plus | =8.1-8100 | |
| Zohocorp Manageengine Supportcenter Plus | =8.1-8101 | |
| Zohocorp Manageengine Supportcenter Plus | =8.1-8102 | |
| Zohocorp Manageengine Supportcenter Plus | =8.1-8117 | |
| Zohocorp Manageengine Supportcenter Plus | =8.1-8118 | |
| Zohocorp Manageengine Supportcenter Plus | =8.1-8119 | |
| Zohocorp Manageengine Supportcenter Plus | =8.1-8121 | |
| Zohocorp Manageengine Supportcenter Plus | =11.0-11000 | |
| Zohocorp Manageengine Supportcenter Plus | =11.0-11024 | |
| Zohocorp Manageengine Supportcenter Plus | =11.0-11026 | |
| Zohocorp Manageengine Supportcenter Plus | =11.0-11027 | |
| Zohocorp Manageengine Supportcenter Plus | =14.0-14000 | |
| Zohocorp Manageengine Supportcenter Plus | =14.0-14001 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-38331?
The severity of CVE-2023-38331 is medium with a severity value of 5.4.
Which products are affected by CVE-2023-38331?
Zoho ManageEngine Support Center Plus versions 11.0-11000 to 11.0-11027 and versions 14.0-14000 to 14.0-14001 are affected by CVE-2023-38331.
What is the vulnerability type of CVE-2023-38331?
CVE-2023-38331 is a stored XSS vulnerability.
How can I fix CVE-2023-38331?
There is currently no fix available for CVE-2023-38331. It is recommended to update to a patched version when it becomes available.
Where can I find more information about CVE-2023-38331?
You can find more information about CVE-2023-38331 on the Zoho ManageEngine website and the CVE-2023-38331 advisory page.
- collector/nvd-api
- collector/nvd-latest
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/severity
- agent/weakness
- agent/description
- agent/epss
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine supportcenter plus
- version/zohocorp manageengine supportcenter plus/8.0-8015
- version/zohocorp manageengine supportcenter plus/8.1-8100
- version/zohocorp manageengine supportcenter plus/8.1-8101
- version/zohocorp manageengine supportcenter plus/8.1-8102
- version/zohocorp manageengine supportcenter plus/8.1-8117
- version/zohocorp manageengine supportcenter plus/8.1-8118
- version/zohocorp manageengine supportcenter plus/8.1-8119
- version/zohocorp manageengine supportcenter plus/8.1-8121
- version/zohocorp manageengine supportcenter plus/11.0-11000
- version/zohocorp manageengine supportcenter plus/11.0-11024
- version/zohocorp manageengine supportcenter plus/11.0-11026
- version/zohocorp manageengine supportcenter plus/11.0-11027
- version/zohocorp manageengine supportcenter plus/14.0-14000
- version/zohocorp manageengine supportcenter plus/14.0-14001