CVE-2023-28341

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Applications Manager versions through 16340

Description A stored Cross site scripting (XSS) issue allows an unauthenticated user to inject malicious javascript on the incorrect login details page. This can be exploited by injecting malicious code into the login page, potentially affecting user sessions.

Recommendations For versions through 16340, update to a version that includes a fix for this issue to prevent malicious javascript injection. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation.