Cross-Site Scripting in Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7422

6.1MEDIUM

Key Information:

Vendor

Zohocorp
Status
Manageengine Netflow Analyzer
Vendor
CVE Published:
21 March 2019

What is CVE-2019-7422?

A Cross-Site Scripting vulnerability exists in version 7.0.0.2 of Zoho ManageEngine Netflow Analyzer Professional, specifically within the Administration zone at the endpoint '/netflow/jspui/addMailSettings.jsp'. The flaw is triggered through the 'gF' parameter, potentially allowing attackers to inject malicious scripts. Successful exploitation can lead to unauthorized access and manipulation of user data, raising significant security concerns for affected instances.

References

http://packetstormsecurity.com/files/151585/Zoho-ManageEn...
x_refsource_MISC
https://www.manageengine.com/products/netflow/?doc
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Feb/29
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.