Cross-Site Scripting Vulnerability in Zoho ManageEngine NetFlow Analyzer
CVE-2018-10803

6.1MEDIUM

Key Information:

Vendor

Zohocorp
Status
Manageengine Netflow Analyzer
Vendor
CVE Published:
10 May 2018

What is CVE-2018-10803?

A security vulnerability exists in the add credentials functionality of Zoho ManageEngine NetFlow Analyzer v12.3 prior to build 123125. This vulnerability enables remote attackers to inject arbitrary web scripts or HTML via a specially crafted description value. Exploitation of this vulnerability can occur through cross-site request forgery (CSRF) techniques, posing significant risks to user data integrity and application security.

References

http://www.securityfocus.com/bid/104251
vdb-entryx_refsource_BID
https://www.manageengine.com/products/netflow/readme.html...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.