virus logo Intrusion Prevention

ManageEngine.ServiceDesk.Plus.Embed.Video.Link.Stored.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Zoho Corporation ManageEngine ServiceDesk Plus.
The vulnerability is due to insufficient validation of data in embed video link when they are added in Product Tour page. A remote authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary script execution under the security context of the target user's browser.

affected-products-logoAffected Products

Zoho Corporation ManageEngine ServiceDesk Plus prior to 14104

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/service-desk/CVE-2023-23074.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2023-08-09 25.618
Modified
 Name:Zoho.
ManageEngine.
ServiceDesk.
Plus.
Embed.
Video.
Link.
Stored.
XSS:ManageEngine.
ServiceDesk.
Plus.
Embed.
Video.
Link.
Stored.
XSS
2023-05-02 23.544
Modified
 Default_action:pass:drop
2023-04-20 23.538
New
ID 52843
Created Apr 12, 2023
Updated Aug 08, 2023
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 70.87%
Default Action drop
Active
Affected OS Windows
Affected App Other
Profile Type XSS