CVE-2016-9490

Reflected Cross-Site Scripting Vulnerability


Vulnerability Details
Impact: CVSS V3 rating: 10.0 (Critical)
Reported: 02 November 2016
Fixed: 08 February 2017
Affected Builds: Till Build 13100
Fixed in: Build 13200
Overview: Reflected Cross-Site Scripting Vulnerability
Recommended Fix: Upgrade to Applications Manager Version 13200 and above

Description

ManageEngine Applications Manager versions 12 and 13 are affected by a reflected cross-site scripting vulnerability. The vulnerable input is the LIMIT parameter in the URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. This URL is also reachable without authentication.

We recommend that you upgrade to Applications Manager Version 13200 to fix this issue.
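
For reviewing web access logs on affected builds, the following added example (not ManageEngine's code) flags requests to /DiagAlertAction.do whose LIMIT value is not a plain integer. It assumes Common/Combined Log Format lines and that a legitimate LIMIT is numeric, as the advisory's sample value 1233 suggests; the log lines and the names used are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter named in the advisory.
VULN_PATH = "/diagalertaction.do"
VULN_PARAM = "LIMIT"

# Assumption: access logs are in Common/Combined Log Format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumption: a legitimate LIMIT is a short decimal integer (the advisory's sample is 1233).
NUMERIC_RE = re.compile(r"[0-9]{1,10}")

# Constructed sample log lines (documentation IP ranges, harmless values).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2017:10:01:22 +0000] "GET /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Feb/2017:10:02:03 +0000] "GET /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233%22%3E%3Cb%3Ex HTTP/1.1" 200 640',
    '203.0.113.9 - - [10/Feb/2017:10:02:40 +0000] "GET /DiagAlertAction.do;jsessionid=ABC?REQTYPE=AJAX&LIMIT=12%2522x HTTP/1.1" 200 640',
    '198.51.100.7 - - [10/Feb/2017:10:03:00 +0000] "GET /index.do?LIMIT=abc HTTP/1.1" 200 100',
]


def flag_requests(log_lines):
    """Return (client_ip, status, bad_values) for hits on the endpoint with a non-numeric LIMIT."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        # Drop servlet path parameters such as ;jsessionid=... before comparing.
        path = parts.path.split(";", 1)[0].lower()
        if not path.endswith(VULN_PATH):
            continue
        # parse_qs percent-decodes once; a doubly encoded value still contains '%' and is flagged.
        values = parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, [])
        bad = [v for v in values if not NUMERIC_RE.fullmatch(v)]
        if bad:
            findings.append((match.group("ip"), match.group("status"), bad))
    return findings


if __name__ == "__main__":
    for ip, status, bad in flag_requests(SAMPLE_LOG):
        print(f"{ip} status={status} suspicious LIMIT={bad!r}")
```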


Source and Acknowledgements

Find out more about CVE-2016-9490 from the CVE dictionary and NIST NVD.

Other Resources: https://seclists.org/fulldisclosure/2017/Apr/9

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com