CVE-2023-29442

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
3.7%
top 11.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Applications Manager
Timeline
PublishedApr 26

Description

Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-38f6-89gx-6f42: Zoho ManageEngine Applications Manager through 16390 allows DOM XSS2023-04-26
CVEList
CVE-2023-29442: Zoho ManageEngine Applications Manager before 16400 allows proxy2023-04-26
CVE-2023-29442 (MEDIUM CVSS 6.1) | Zoho ManageEngine Applications Mana | cvebase.io