CVE-2023-29442

Published Apr 26, 2023

Last updated 20 days ago

CVSS medium 6.1

Overview

Description: Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71A91D5D-BA60-4FAC-92D7-DD477399A552",
            "versionEndExcluding": "16.3"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "725F03D7-8655-4C2C-8BC8-BD81A657E53C"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16310:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "716C228E-FEB8-41D3-A290-BA4DB9D51717"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16320:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C73EC9D6-B2AD-4E68-B429-EBF9EA2A7618"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16330:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6251408C-2192-44E7-A8D8-92EE97BC3D5A"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16340:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F50F891-EA20-4DAC-A100-C80FC455FF15"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16350:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14969EAF-CDB7-45AE-AAA1-8D7D0C1D04A7"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16360:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B69B236-6FB4-4142-BAA3-578283DB225D"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16361:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A68602E-658B-435E-A456-736C8297ABDB"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16370:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0743D3FA-E17C-4AB4-8821-ECFA8760AA69"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16380:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "125F2CA8-EB8C-4863-85AB-B8ABB3A0B6BB"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16390:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65477E77-D8C3-428A-89CB-188E456FFFC4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References