4 results (0.010 seconds)

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Applications Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SingleSignOn page. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0

Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. • https://manageengine.com https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. • https://manageengine.com https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28341.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •