CVE-2012-4889

Currently unrated

Key Information:

Vendor: Manageengine
Status: Firewall Analyzer
Vendor: CVE Published:; 10 September 2012

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/74538

vdb-entryx_refsource_XF

http://secunia.com/advisories/48657

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/80874

vdb-entryx_refsource_OSVDB

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 10, 2012
Vulnerability Reserved
Sep 10, 2012

Collectors

NVD DatabaseMitre Database