Schedule demo


Reflected Cross-Site Scripting Vulnerability

Vulnerability Details
Impact CVSS V3 rating: 10.0 (Critical)
Reported 02 November 2016
Fixed 08 February 2017
Affected Builds Till Build 13100
Fixed in Build 13200
Reflected Cross-Site Scripting Vulnerability
Recommended Fix Upgrade to Applications Manager Version 13200 and above


ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path / The URL is also available without authentication.

We recommend that you upgrade to Applications Manager Version 13200 to fix this issue.

Source and Acknowledgements

Find out more about CVE-2016-9490 from the CVE dictionary and NIST NVD.

Other Resources:

Need Help?

For clarification or corrections please contact our support team or email us at

You'll be in great company