Schedule demo
 
 

CVE-2018-15169

Reflected Cross-site scripting (XSS) vulnerability


Vulnerability Details
Impact CVSS V3 rating:
Reported 18 July 2018
Fixed 25 July 2018
Affected Builds Till Build 13810
Fixed in Build 13820
Overview Reflected Cross-site scripting (XSS) vulnerability using the method parameter in the error page.
Recommended Fix Upgrade to Applications Manager Version 13820 or above.

Description

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 allowed remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.

We recommend that you upgrade to Applications Manager Version 13820 and above to fix this issue.


Source and Acknowledgements

Find out more about CVE-2018-15169 from the CVE dictionary and NIST NVD.

Other Resources: https://github.com/x-f1v3/ForCve/issues/3

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company