| Vulnerability Details | |
|---|---|
| Severity | High |
| CVE ID | CVE-2023-29442 |
| Affected software versions | Version 16390 and below |
| Fixed Version | Version 16362 to 16369 Version 16400 and above |
| Fixed On | 06 March 2023 |
DOM-Based XSS Vulnerability while accessing the proxy.html file allows attacker to craft an url with malicious JavaScript payload. When clicking the crafted url, that is shared by an attacker, malicious JavaScript gets executed in the victim browser.
This vulnerability executes JavaScript in the victim's browser controlled by the attacker to carry out any of the actions that are applicable to the administrator users of Applications Manager.
Applications Manager version 16400 and above fixes this issue by removing the proxy.html file from the product since it is not required anymore.
Update your Applications Manager instance to the latest build using the service pack.
Find out more about CVE-2023-29442 from CVE Directory and NIST NVD.
Rahul, ProjectDiscovery Security Research Team.
For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com
It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.
Reviewer Role: Research and Development
Tech Support Manager, Lexmark