CVE-2015-2960

Опубликовано: 09 июн. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Ссылки

http://jvn.jp/en/jp/JVN98447310/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000074
Vendor Advisory
http://www.securityfocus.com/bid/75071
http://www.securitytracker.com/id/1032516
https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250
Patch
Vendor Advisory
http://jvn.jp/en/jp/JVN98447310/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000074
Vendor Advisory
http://www.securityfocus.com/bid/75071
http://www.securitytracker.com/id/1032516
https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00224

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-ccw8-8wj9-vq37

github

больше 3 лет назад