Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 05/06/2018 Updated: 07/08/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.

Vulnerable Product	Search on Vulmon	Subscribe to Product
manageengine applications manager 13.0
manageengine applications manager 12.0

CWE-79 https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html http://www.securityfocus.com/bid/97394 http://seclists.org/fulldisclosure/2017/Apr/9 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-9490

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect