Zoho ManageEngine Netflow Analyzer Professional 188.8.131.52 Cross Site Scripting (XSS) Vulnerability
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 184.108.40.206. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
The information has been provided by Rafael Pedrero
The original article can be found at: http://seclists.org/fulldisclosure/2019/Feb/45
ZohocorpManageengine Netflow Analyzer is prone to a cross-site scripting vulnerability.This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors.A remote attacker can use cross-site scripting(XSS) to send a hostile script to an unsuspicious user
- ZohocorpManageengine Netflow Analyzer 220.127.116.11