CVE-2023-23075

Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originator	Not Applicable Vendor Advisory
https://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originator	Not Applicable Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987::::::
	cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988::::::

History

21 Nov 2024, 07:45

Type	Values Removed	Values Added
References	~~() https://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originator - Not Applicable, Vendor Advisory~~	() https://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originator - Not Applicable, Vendor Advisory

Information

Published : 2023-02-01 20:15

Updated : 2025-03-27 15:15

NVD link : CVE-2023-23075

Mitre link : CVE-2023-23075

CVE.ORG link : CVE-2023-23075

JSON object : View

Products Affected

zohocorp

manageengine_assetexplorer

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-23075", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-02-01T20:15:11.707", "references": [{"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originator", "tags": ["Not Applicable", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originator", "tags": ["Not Applicable", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation."}], "lastModified": "2025-03-27T15:15:43.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "356CA7C7-993F-4D5D-9FAB-9E5475878D53"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.1 /10