Security Updates - CVE Details | ManageEngine Applications Manager

CVE-2018-15169

Reflected Cross-site scripting (XSS) vulnerability

Vulnerability Details
Impact	CVSS V3 rating:
Reported	18 July 2018
Fixed	25 July 2018
Affected Builds	Till Build 13810
Fixed in	Build 13820
Overview	Reflected Cross-site scripting (XSS) vulnerability using the method parameter in the error page.
Recommended Fix	Upgrade to Applications Manager Version 13820 or above.

Description

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 allowed remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.

We recommend that you upgrade to Applications Manager Version 13820 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-15169 from the CVE dictionary and NIST NVD.

Other Resources: https://github.com/x-f1v3/ForCve/issues/3

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

Loved by customers all over the world

"Standout Tool With Extensive Monitoring Capabilities"

★★★★★

It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.

Reviewer Role: Research and Development

"I like Applications Manager because it helps us to detect issues present in our servers and SQL databases."

Carlos Rivero

Tech Support Manager, Lexmark