CVE-2023-28341

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

82.9%

top 0.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Applications Manager

Timeline

PublishedApr 11

Description

Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDzohocorp/manageengine_applications_manager16.0 — 16.3+2

Patches

Patch: www.manageengine.com ↗Patch: www.manageengine.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-28341: Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malic↗2023-04-11

▶

GHSA

GHSA-34mm-8vxq-7m2j: Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malic↗2023-04-11

▶