Cross-Site Scripting Vulnerability in ManageEngine Firewall Analyzer
CVE-2012-4891

Currently unrated

Key Information:

Vendor: Manageengine
Status: Firewall Analyzer
Vendor: CVE Published:; 10 September 2012

Summary

A cross-site scripting vulnerability exists in the ManageEngine Firewall Analyzer product version 7.2, specifically in the fw/index2.do component. This flaw allows remote attackers to inject arbitrary web scripts or HTML by manipulating the url parameter. Successful exploitation could lead to unauthorized access and execution of malicious scripts within the context of the user's browser. This issue highlights the importance of proper input validation and output encoding in web applications to prevent such attacks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/100551

vdb-entryx_refsource_XF

http://secunia.com/advisories/48657

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/80874

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Sep 10, 2012
Vulnerability Reserved
Sep 10, 2012