Cross site scripting

2023-04-1101:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

stored xss

zoho manageengine applications manager

nvd

vulnerability

unauthenticated user

malicious javascript

0.002 Low

EPSS

Percentile

59.8%

JSON

Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.

CPENameOperatorVersion
manageengine_applications_managereq16.3 build16310
manageengine_applications_managereq16.3 build16320
manageengine_applications_managereq16.3 build16300
manageengine_applications_managerge16.0
manageengine_applications_managerlt16.3
manageengine_applications_managereq16.3 build16330
manageengine_applications_managereq16.3 build16340
manageengine_applications_managereq15.9 build15990

Name	Operator	Version
manageengine_applications_manager	eq	16.3 build16310
manageengine_applications_manager	eq	16.3 build16320
manageengine_applications_manager	eq	16.3 build16300
manageengine_applications_manager	ge	16.0
manageengine_applications_manager	lt	16.3
manageengine_applications_manager	eq	16.3 build16330
manageengine_applications_manager	eq	16.3 build16340
manageengine_applications_manager	eq	15.9 build15990