Schedule demo
 
 

CVE-2018-12996

Cross-site scripting (XSS) vulnerability via the parameter 'method' in GraphicalView.do


Vulnerability Details
Impact CVSS V3 rating: 9.8 CRITICAL
Reported 02 June 2018
Fixed 10 July 2018
Affected Builds Till Build 13790
Fixed in Build 13800
Overview Cross-site scripting (XSS) vulnerability via the parameter 'method' in GraphicalView.do endpoint.
Recommended Fix Upgrade to Applications Manager Version 13800 or above.

Description

A reflected Cross-site scripting (XSS) vulnerability in ManageEngine Applications Manager allowed remote attackers to inject arbitrary web script or HTML via the parameter 'method' in GraphicalView.do endpoint.

We recommend that you upgrade to Applications Manager Version 13800 or above to fix this issue.


Source and Acknowledgements

Find out more about CVE-2018-12996 from the CVE dictionary and NIST NVSD.

Other Resources: https://github.com/unh3x/just4cve/issues/7

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company