Multiple Cross-Site Scripting Vulnerabilities in ManageEngine Netflow Analyzer
CVE-2009-3903

Currently unrated

Key Information:

Vendor: Manageengine
Status: Netflow Analyzer
Vendor: CVE Published:; 6 November 2009

Summary

The ManageEngine Netflow Analyzer 7.5 build 7500 contains multiple cross-site scripting vulnerabilities in the jspui/index.jsp component. These vulnerabilities allow attackers to inject arbitrary web scripts or HTML by manipulating the 'view' and 'section' parameters. If exploited, these security flaws can lead to unauthorized actions being executed on behalf of users, compromising the integrity and confidentiality of the affected systems.

References

http://osvdb.org/55772

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/35630

vdb-entryx_refsource_BID

http://secunia.com/advisories/35105

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 6, 2009
Vulnerability Reserved
Nov 6, 2009