# Security Updates - CVE Details | ManageEngine Applications Manager

## CVE-2018-12996

### Cross-site scripting (XSS) vulnerability via the parameter 'method' in GraphicalView.do

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating:** 9.8 CRITICAL |
| Reported | 02 June 2018 |
| Fixed | 10 July 2018 |
| Affected Builds | Till Build 13790 |
| Fixed in | Build 13800 |
| Overview | Cross-site scripting (XSS) vulnerability via the parameter 'method' in GraphicalView.do endpoint. |
| **Recommended Fix** | **Upgrade to Applications Manager Version 13800 or above.** |

### Description

A reflected Cross-site scripting (XSS) vulnerability in ManageEngine Applications Manager allowed remote attackers to inject arbitrary web script or HTML via the parameter 'method' in GraphicalView.do endpoint.

We recommend that you upgrade to Applications Manager Version 13800 or above to fix this issue.

### Source and Acknowledgements

Find out more about CVE-2018-12996 from the [CVE dictionary](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12996) and [NIST NVSD](https://nvd.nist.gov/vuln/detail/CVE-2018-12996).

Other Resources:  
[https://github.com/unh3x/just4cve/issues/7](http://github.com/unh3x/just4cve/issues/7)

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/products/applications_manager/support.html) or email us at [appmanager-support@manageengine.com](mailto:appmanager-support@manageengine.com).