Stored XSS Vulnerability in Zoho ManageEngine Firewall Analyzer
CVE-2019-11676

6.1MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Firewall Analyzer
Vendor: CVE Published:; 2 May 2019

What is CVE-2019-11676?

The Zoho ManageEngine Firewall Analyzer, prior to version 12.3 Build 123224, is susceptible to stored Cross-Site Scripting (XSS) attacks due to its handling of user-defined DNS names. This flaw allows an attacker to inject malicious scripts that are stored on the server and can be executed in the browser of users accessing the affected service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's session, potentially leading to unauthorized access to sensitive information.

References

https://www.manageengine.com/products/firewall/release-no...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2019
Vulnerability Reserved
May 2, 2019

Zohocorp

What is CVE-2019-11676?

References

CVSS V3.1

Timeline