CVE-2023-23077

Summary

CVE	CVE-2023-23077
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-02-01 20:15:00 UTC
Updated	2023-02-22 22:15:00 UTC
Description	Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	-	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13000	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13001	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13002	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13003	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13004	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13005	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13006	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13007	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13008	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13009	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13010	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13011	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13012	All	All

References

Reference	Source	Link	Tags
BugBounty	MISC	bugbounty.zohocorp.com
ManageEngine security advisory	MISC	www.manageengine.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378335 Zoho ManageEngine ServiceDesk Plus Stored Cross-Site Scripting (XSS) Vulnerability