| Vulnerability Details | |
|---|---|
| Severity | High |
| CVE ID | CVE-2023-28341 |
| Affected software versions | Version 15990 to 16340 |
| Fixed Version | Version 16350 and above |
| Fixed On | 01 Feb 2023 |
Stored Cross site scripting (XSS) vulnerability allows an unauthenticated user to inject malicious javascript on the incorrect login details page. When an administrator user visits this page the malicious javascript payload is executed in his browser.
This vulnerability executes javascript in the victim's browser controlled by the attacker to carry out any of the actions that are applicable to the administrator users.
Applications Manager version 16350 and above fixes this issue by properly rendering the data displayed in incorrect login page.
Update your Applications Manager instance to the latest build using the service pack.
Find out more about CVE-2023-28341 from CVE Directory and NIST NVD.
Rahul Maini, ProjectDiscovery Research Team.
For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com