Lucene search
HistoryApr 11, 2023 - 1:15 a.m.
CVE-2023-28341
cve-2023-28341
stored cross site scripting
xss
zoho manageengine
applications manager
vulnerability
nvd
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
59.8%
Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.
Affected configurations
Node
zohocorpmanageengine_applications_managerRange16.0–16.3
ORzohocorpmanageengine_applications_managerMatch15.9build15990
ORzohocorpmanageengine_applications_managerMatch16.3build16300
ORzohocorpmanageengine_applications_managerMatch16.3build16310
ORzohocorpmanageengine_applications_managerMatch16.3build16320
ORzohocorpmanageengine_applications_managerMatch16.3build16330
ORzohocorpmanageengine_applications_managerMatch16.3build16340
Related
nvd
nvd
CVE-2023-28341
2023-04-11 01:15:07
cvelist
cvelist
CVE-2023-28341
2023-04-11 00:00:00
prion
prion
Cross site scripting
2023-04-11 01:15:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
59.8%
Related for CVE-2023-28341