6.1

CVE-2023-23077

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.

Data is provided by the National Vulnerability Database (NVD)
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update -
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13000
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13001
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13002
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13003
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13004
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13005
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13006
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13007
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13008
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13009
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13010
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13011
Zohocorp Manageengine Servicedesk Plus Version 13.0 Update 13012
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 16.19% 0.945
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.1 2.8 2.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 2.8 2.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.