Zoho ManageEngine Netflow Analyzer Professional 22.214.171.124 Cross Site Scripting Vulnerability
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 126.96.36.199. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
The information has been provided by Rafael Pedrero .
The original article can be found at: http://seclists.org/fulldisclosure/2019/Feb/45
Zohocorp Manageengine Netflow Analyzer is prone to a cross-site scripting vulnerability.This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors.A remote attacker can use cross-site scripting(XSS) to send a hostile script to an unsuspicious user
- Zohocorp Manageengine Netflow Analyzer 188.8.131.52