Security advisory

A stored XSS vulnerability in the Products list view page

CVE ID : CVE-2023-38331

Product NameSeverityAffected Version(s)Fixed VersionFixed On
SupportCenter PlusHigh14001 and below1420024 April 2023

Details

A stored cross-site scripting (XSS) vulnerability allowed users to inject malicious JavaScript in the product name field. The script is executed when a user visits the Products list view page.

Impact

The vulnerability opened the possibility to execute malicious javascript, when a user visits the Products list view page.

Steps to upgrade

  1. Download the latest upgrade pack from the following links for the respective products:

     

  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

If you have any questions or concerns, please contact support@supportcenterplus.com

Let's support faster, easier, and together
Sign up(Cloud) Download(On-Premise)Request a free demo