Schedule demo


Stored Cross site scripting (XSS) vulnerability in incorrect login details page.

Vulnerability Details
Severity High
CVE ID CVE-2023-28341
Affected software versions Version 15990 to 16340
Fixed Version Version 16350 and above
Fixed On 01 Feb 2023


Stored Cross site scripting (XSS) vulnerability allows an unauthenticated user to inject malicious javascript on the incorrect login details page. When an administrator user visits this page the malicious javascript payload is executed in his browser.


This vulnerability executes javascript in the victim's browser controlled by the attacker to carry out any of the actions that are applicable to the administrator users.


Applications Manager version 16350 and above fixes this issue by properly rendering the data displayed in incorrect login page.

Steps to update

Update your Applications Manager instance to the latest build using the service pack.

Source and Acknowledgements

Find out more about CVE-2023-28341 from CVE Directory and NIST NVD.

Reported by:

Rahul Maini, ProjectDiscovery Research Team.

Need Help?

For clarification or corrections please contact our support team or email us at

You'll be in great company