|Impact||CVSS V3 rating: 10.0 (Critical)|
|Reported||02 November 2016|
|Fixed||08 February 2017|
|Affected Builds||Till Build 13100|
|Fixed in||Build 13200|
Reflected Cross-Site Scripting Vulnerability
|Recommended Fix||Upgrade to Applications Manager Version 13200 and above|
ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.
We recommend that you upgrade to Applications Manager Version 13200 to fix this issue.
Source and Acknowledgements