Reflected Cross-Site Scripting Vulnerability in ManageEngine Applications Manager
CVE-2016-9490 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.
Learn more about our Web Application Penetration Testing UK.