Cross-Site Scripting Vulnerability in ManageEngine Firewall Analyzer
CVE-2008-1775

Currently unrated

Key Information:

Vendor: Manageengine
Status: Firewall Analyzer
Vendor: CVE Published:; 14 April 2008

Summary

A cross-site scripting vulnerability exists in the mindex.do component of ManageEngine Firewall Analyzer version 4.0.3. This flaw allows remote attackers to craft malicious input via the displayName parameter, enabling them to inject arbitrary web scripts or HTML into pages viewed by other users. The potential for exploitation could lead to unauthorized actions on behalf of users or exposure of sensitive information.

References

http://www.securityfocus.com/bid/28604

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/41810

vdb-entryx_refsource_XF

http://secunia.com/advisories/29632

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 14, 2008
Vulnerability Reserved
Apr 14, 2008