FKIE_CVE-2023-23075

Vulnerability from fkie_nvd - Published: 2023-02-01 20:15 - Updated: 2025-03-27 15:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
References
cve@mitre.orghttps://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originatorNot Applicable, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originatorNot Applicable, Vendor Advisory
Impacted products
Vendor Product Version
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
zohocorp manageengine_assetexplorer 6.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*",
              "matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
              "matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
              "matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
              "matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
              "matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
              "matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
              "matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
              "matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
              "matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
              "matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
              "matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
              "matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
              "matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
              "matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
              "matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
              "matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
              "matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
              "matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
              "matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
              "matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
              "matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
              "matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
              "matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
              "matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
              "matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
              "matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
              "matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
              "matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
              "matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*",
              "matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*",
              "matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*",
              "matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*",
              "matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*",
              "matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*",
              "matchCriteriaId": "356CA7C7-993F-4D5D-9FAB-9E5475878D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation."
    }
  ],
  "id": "CVE-2023-23075",
  "lastModified": "2025-03-27T15:15:43.447",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-01T20:15:11.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable",
        "Vendor Advisory"
      ],
      "url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originator"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Vendor Advisory"
      ],
      "url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006463045?tab=originator"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.