Schedule demo


Reflected Cross-site scripting (XSS) vulnerability

Vulnerability Details
Impact CVSS V3 rating:
Reported 18 July 2018
Fixed 25 July 2018
Affected Builds Till Build 13810
Fixed in Build 13820
Overview Reflected Cross-site scripting (XSS) vulnerability using the method parameter in the error page.
Recommended Fix Upgrade to Applications Manager Version 13820 or above.


A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 allowed remote attackers to inject arbitrary web script or HTML via the / method parameter.

We recommend that you upgrade to Applications Manager Version 13820 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-15169 from the CVE dictionary and NIST NVD.

Other Resources:

Need Help?

For clarification or corrections please contact our support team or email us at

You're in great company