| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 9.8 CRITICAL |
| Reported | 02 June 2018 |
| Fixed | 10 July 2018 |
| Affected Builds | Till Build 13790 |
| Fixed in | Build 13800 |
| Overview | Cross-site scripting (XSS) vulnerability via the parameter 'method' in GraphicalView.do endpoint. |
| Recommended Fix | Upgrade to Applications Manager Version 13800 or above. |
A reflected Cross-site scripting (XSS) vulnerability in ManageEngine Applications Manager allowed remote attackers to inject arbitrary web script or HTML via the parameter 'method' in GraphicalView.do endpoint.
We recommend that you upgrade to Applications Manager Version 13800 or above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2018-12996 from the CVE dictionary and NIST NVSD.
Other Resources: https://github.com/unh3x/just4cve/issues/7
For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com