Security advisory

A stored XSS vulnerability in the Products list view page

CVE ID : CVE-2023-38331

Product Name : SupportCenter Plus
Severity : High
Affected Version(s) : 14001 and below
Fixed Version : 14200
Fixed On : 24 April 2023

Details

A stored cross-site scripting (XSS) vulnerability allowed users to inject malicious JavaScript in the product name field. The script is executed when a user visits the Products list view page.
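The flaw class described above, as an added example that is not SupportCenter Plus code and not part of the original advisory: a list-view row built from a stored product name without encoding, the same row with output encoding, and a helper that flags stored names worth reviewing. Every function name and sample record is hypothetical, and output encoding is shown as the standard mitigation for this class of bug, not as the vendor's confirmed fix.

```javascript
// Added illustration; not SupportCenter Plus code. All names are hypothetical.

// Encode the five characters that let text break out of an HTML element
// or attribute context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so any tags it contains become part of the page for every viewer.
function renderRowUnsafe(product) {
  return "<tr><td>" + product.name + "</td></tr>";
}

// Hardened pattern: encode at output time, whatever was stored.
function renderRowSafe(product) {
  return "<tr><td>" + escapeHtml(product.name) + "</td></tr>";
}

// Audit helper: flag stored names containing markup-significant sequences,
// so records saved before the upgrade can be reviewed by an administrator.
function findSuspectNames(products) {
  return products.filter((p) => /[<>]|&#|javascript:/i.test(String(p.name)));
}

// Constructed sample records (not taken from any real installation).
const SAMPLE_PRODUCTS = [
  { id: 1, name: "Laser Printer X200" },
  { id: 2, name: "<script>alert(1)</script>" },
  { id: 3, name: "Router & Switch Bundle" },
];

for (const p of SAMPLE_PRODUCTS) {
  console.log(renderRowSafe(p));
}
console.log("needs review:", findSuspectNames(SAMPLE_PRODUCTS).map((p) => p.id));
```

Because the script is stored, records created before the upgrade remain in the database; reviewing existing product names is worthwhile in addition to applying the fixed build.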

Impact

The vulnerability made it possible to execute malicious JavaScript when a user visits the Products list view page.

Steps to upgrade

  1. Download the latest upgrade pack from the following links for the respective products:
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

If you have any questions or concerns, please contact support@supportcenterplus.com
