GCVE - cpe:2.3:a:zohocorp:manageengine_servicedesk

Approved changes feed: RSS · Atom

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13008:*:*:*:*:*:*

part: a version: 13.0 update: 13008

Vendor	Zohocorp (`4f1ab088-ab0e-54ac-b0dc-2304879a7502`)
Product	Manageengine Servicedesk Plus (`25373568-3a9b-52b0-9856-05e6cf15479d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-23077`	vulnerable	2026-06-03 14:49:20.889856	Details available Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. Published: 2023-02-01T00:00:00.000Z Updated: 2025-03-27T14:20:01.439Z Open on db.gcve.eu Reference links https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator https://www.manageengine.com/products/service-desk/CVE-2023-23077.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40770`	vulnerable	2026-06-03 14:48:03.537695	Details available Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. Published: 2022-11-23T00:00:00.000Z Updated: 2025-04-28T19:38:56.406Z Open on db.gcve.eu Reference links https://manageengine.com https://www.manageengine.com/products/service-desk/CVE-2022-40770.html	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.