Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23077PUBLISHED: 2023-02-01Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
CVE-2023-23078PUBLISHED: 2023-02-01Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
CVE-2023-22287PUBLISHED: 2023-02-01** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2023-23073PUBLISHED: 2023-02-01Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
CVE-2023-23074PUBLISHED: 2023-02-01Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
User Rank: Ninja
2/29/2016 | 7:22:06 PM
I recently interviewed for a CISO role that, interestingly enough, answered to the CFO. The organization views the CISO role as a financial one -- pertaining to investment and risk management.
Perhaps this is how the role should be structured for most organizations.