CVE-2016-9490 ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability

2018-06-0514:00:00

CWE-79

certcc

www.cve.org

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.

CNA Affected

[
  {
    "product": "Applications Manager",
    "vendor": "ManageEngine",
    "versions": [
      {
        "status": "affected",
        "version": "12"
      },
      {
        "status": "affected",
        "version": "13"
      }
    ]
  }
]