| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: |
| Reported | 18 July 2018 |
| Fixed | 25 July 2018 |
| Affected Builds | Till Build 13810 |
| Fixed in | Build 13820 |
| Overview | Reflected Cross-site scripting (XSS) vulnerability using the method parameter in the error page. |
| Recommended Fix | Upgrade to Applications Manager Version 13820 or above. |
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 allowed remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.
We recommend that you upgrade to Applications Manager Version 13820 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2018-15169 from the CVE dictionary and NIST NVD.
Other Resources: https://github.com/x-f1v3/ForCve/issues/3
For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com
It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.
Reviewer Role: Research and Development
Tech Support Manager, Lexmark