CVSS: 8.8EPSS: 57%CPEs: 7EXPL: 0CVE-2023-38333 – ManageEngine Applications Manager SingleSignOn Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38333
10 Aug 2023 — Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Applications Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SingleSignOn page. The issue results from the lack of proper validation of user-supplied data, which can lead to the inj... • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-38333.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 57%CPEs: 12EXPL: 0CVE-2023-29442
https://notcve.org/view.php?id=CVE-2023-29442
26 Apr 2023 — Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. • https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-29442.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 6%CPEs: 4EXPL: 0CVE-2023-28340
https://notcve.org/view.php?id=CVE-2023-28340
11 Apr 2023 — Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. • https://manageengine.com • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.4EPSS: 80%CPEs: 7EXPL: 0CVE-2023-28341
https://notcve.org/view.php?id=CVE-2023-28341
11 Apr 2023 — Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. • https://manageengine.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •