CVE-2016-9490

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.9%

top 25.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Applications Manager

Timeline

PublishedJun 5

Latest updateMay 14

Description

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5manageengine/applications_manager12, 13+1

▶NVDmanageengine/applications_manager12.0, 13.0+1

🔴Vulnerability Details

GHSA

GHSA-jm36-8m9x-wq28: ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability↗2022-05-14

▶

CVEList

ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability↗2018-06-05

▶