Описание
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.
Ссылки
- ExploitPatchThird Party AdvisoryVDB Entry
- ExploitMailing ListPatchThird Party Advisory
- ProductVendor Advisory
- ExploitPatchThird Party AdvisoryVDB Entry
- ExploitMailing ListPatchThird Party Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:7.0.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01257
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.
EPSS
Процентиль: 79%
0.01257
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79