CVE-2023-38333

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 10, 2023
Updated: Aug 15, 2023
CWE ID 79

Summary

CVE-2023-38333 is a newly disclosed vulnerability affecting the Zoho ManageEngine Applications Manager version 16530 and below. This issue permits Reflected Cross-Site Scripting (XSS) attacks, allowing malicious actors to inject malicious code into a webpage viewed by other users. As a result, affected users may unwittingly expose sensitive information or unintentionally execute unauthorized actions. Successful exploitation of this vulnerability could lead to significant security risks, including data theft or unauthorized system access. Users are strongly urged to update their Applications Manager software to the latest available version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Zohocorp Manageengine Applications Manager

Affected Vendors

  • Zoho Corporation