Security advisory

SupportCenter Plus Features Security advisory

Stored XSS vulnerability in the request history of SupportCenter Plus versions 11019 and below

Severity : Medium

CVE ID : CVE-2022-25373

Affected software version(s) : 11019 and below

Fixed version(s) : 11020

Fixed on : March 22, 2022


This vulnerability allows any low-privileged user to inject arbitrary JavaScript into the request by editing the ticket, making higher privileged or other low-privilege users' systems vulnerable to a breach. The JavaScript gets executed from the application (even without any prior interaction) once the target users view the request history.


Enables users to inject malicious code into the application.

Steps to upgrade

Customers can upgrade to the latest version (11020) using the appropriate migration path listed here.


Customers must upgrade to the latest version of SupportCenter Plus.


Reported by Matt in our bug bounty portal.

World's Largest Organizations Rely On SupportCenter Plus