What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2016-9490.

What is the severity of CVE-2016-9490?

CVE-2016-9490 has a severity level of medium.

Which software versions are affected by CVE-2016-9490?

ManageEngine Applications Manager versions 12 and 13 before build 13200 are affected by CVE-2016-9490.

How does CVE-2016-9490 affect ManageEngine Applications Manager?

CVE-2016-9490 is a Reflected Cross-Site Scripting vulnerability in ManageEngine Applications Manager versions 12 and 13 before build 13200.

Are there any references for CVE-2016-9490?

Yes, you can find references for CVE-2016-9490 at the following links: [1](http://seclists.org/fulldisclosure/2017/Apr/9), [2](http://www.securityfocus.com/bid/97394), [3](https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html).

Vulnerability/
CVE-2016-9490

medium

6.1

CWE

5/6/2018

6/8/2024

CVE-2016-9490: ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability

First published: Tue Jun 05 2018(Updated: )

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
ManageEngine Applications Manager	=12.0
ManageEngine Applications Manager	=13.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2016-9490.
What is the severity of CVE-2016-9490?
CVE-2016-9490 has a severity level of medium.
Which software versions are affected by CVE-2016-9490?
ManageEngine Applications Manager versions 12 and 13 before build 13200 are affected by CVE-2016-9490.
How does CVE-2016-9490 affect ManageEngine Applications Manager?
CVE-2016-9490 is a Reflected Cross-Site Scripting vulnerability in ManageEngine Applications Manager versions 12 and 13 before build 13200.
Are there any references for CVE-2016-9490?
Yes, you can find references for CVE-2016-9490 at the following links: [1](http://seclists.org/fulldisclosure/2017/Apr/9), [2](http://www.securityfocus.com/bid/97394), [3](https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html).

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/tags
agent/event
agent/description
agent/first-publish-date
vendor/manageengine
canonical/manageengine applications manager
version/manageengine applications manager/12.0
version/manageengine applications manager/13.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.