{ "id": "CVE-2022-25373", "sourceIdentifier": "cve@mitre.org", "published": "2022-04-05T19:15:08.317", "lastModified": "2024-11-21T06:52:06.013", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history." }, { "lang": "es", "value": "Zoho ManageEngine SupportCenter Plus versiones anteriores a 11020, permite el almacenamiento de tipo XSS en el historial de peticiones" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.3, "impactScore": 2.7 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "baseScore": 3.5, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE" }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.0", "matchCriteriaId": "791D8E77-1A6B-4739-A6E6-BF91E978144E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*", "matchCriteriaId": "3AE43EA7-9AA1-4EA7-8840-22BD543A093C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*", "matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*", "matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*", "matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*", "matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*", "matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*", "matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*", "matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*", "matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*", "matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*", "matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*", "matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*", "matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*", "matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*", "matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*", "matchCriteriaId": "97920D1C-62BA-4B10-9912-C2ED1C1B0313" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*", "matchCriteriaId": "023C6278-1FF9-4E79-8D95-32BE71701D37" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*", "matchCriteriaId": "34EFB9EF-269E-4A72-8357-2A54E8B78C84" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", "matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", "matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", "matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C" } ] } ] } ], "references": [ { "url": "https://manageengine.com", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://pitstop.manageengine.com/portal/en/community/topic/manageengine-supportcenter-plus-version-11-0-build-11020-released", "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://raxis.com/blog/cve-2022-25373", "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://manageengine.com", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://pitstop.manageengine.com/portal/en/community/topic/manageengine-supportcenter-plus-version-11-0-build-11020-released", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://raxis.com/blog/cve-2022-25373", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] } ] }