Zohocorp Manageengine Netflow Analyzer 220.127.116.11 Cross Site Scripting Vulnerability
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 18.104.22.168. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
The information has been provided by Rafael Pedrero.
The original article can be found at: http://seclists.org/fulldisclosure/2019/Feb/45
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 22.214.171.124. An Absolute Path Traversal vulnerability in the Administration
zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name,
such as a schFilePath=C:\boot.ini value.
- Zohocorp Manageengine Netflow Analyzer 126.96.36.199