Reflected Cross-Site Scripting Vulnerability in ManageEngine Applications Manager

CVE-2016-9490 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.

Learn more about our Web Application Penetration Testing UK.