Lucene search

[email protected]CVE-2023-38333

HistoryAug 10, 2023 - 9:15 p.m.

CVE-2023-38333

2023-08-1021:15:10

CWE-79

[email protected]

web.nvd.nist.gov

zoho

manageengine

applications manager

16530

reflected xss

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON

Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.

Affected configurations

NVD

Node

zohocorpmanageengine_applications_managerRange<16.5

zohocorpmanageengine_applications_managerMatch16.5-

zohocorpmanageengine_applications_managerMatch16.5build16500

zohocorpmanageengine_applications_managerMatch16.5build16510

zohocorpmanageengine_applications_managerMatch16.5build16511

zohocorpmanageengine_applications_managerMatch16.5build16520

zohocorpmanageengine_applications_managerMatch16.5build16530

CPENameOperatorVersion
zohocorp:manageengine_applications_managerzohocorp manageengine applications managerlt16.5

CPE	Name	Operator	Version
zohocorp:manageengine_applications_manager	zohocorp manageengine applications manager	lt	16.5

References

www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for CVE-2023-38333

cvelist1 cnvd1 zdi1 prion1 nvd1