CVE-2016-9490
published 2018-06-05CVE-2016-9490: ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is…
PriorityP428medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
1.73%
74.8th percentile
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | applications_manager | — | — |
| manageengine | applications_manager | — | — |
| manageengine | applications_manager | — | — |
| manageengine | applications_manager | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2017/Apr/9http://www.securityfocus.com/bid/97394https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.htmlhttps://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.htmlhttp://seclists.org/fulldisclosure/2017/Apr/9http://www.securityfocus.com/bid/97394https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.htmlhttps://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html
2018-06-05
Published