# Security Updates - CVE Details | ManageEngine Applications Manager

## Security Updates - CVE Database

## CVE-2018-15169

### Reflected Cross-site scripting (XSS) vulnerability

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating:** |
| Reported | 18 July 2018 |
| Fixed | 25 July 2018 |
| Affected Builds | Till Build 13810 |
| Fixed in | Build 13820 |
| Overview | Reflected Cross-site scripting (XSS) vulnerability using the method parameter in the error page. |
| **Recommended Fix** | **Upgrade to Applications Manager Version 13820 or above.** |

### Description

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 allowed remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.

We recommend that you upgrade to Applications Manager Version 13820 and above to fix this issue.

### Source and Acknowledgements

Find out more about CVE-2018-15169 from the [CVE dictionary](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15169) and [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-15169).

Other Resources: [https://github.com/x-f1v3/ForCve/issues/3](https://github.com/x-f1v3/ForCve/issues/3)

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/products/applications_manager/support.html) or email us at [appmanager-support@manageengine.com](mailto:appmanager-support@manageengine.com)