QwikSec

Security Database

CVE

CWE

Training

CVE-2016-9490

Published: Jun 5, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.

Vendor	Product	Versions
ManageEngine	Applications Manager	affected `12` affected `13`

Weaknesses (CWE)

References

20170404 ManageEngine Applications Manager Multiple Vulnerabilities

mailing-list

x_refsource_FULLDISC

https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html

x_refsource_MISC

https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.