CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 4CVE-2019-8927 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8927
19 Feb 2019 — An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11. Se descubrió un problema en Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS existe en la zona de administración /netflow/jspui/scheduleCo... • https://packetstorm.news/files/id/151757 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 4CVE-2019-8926 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8926
19 Feb 2019 — An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource. Se descubrió un problema en Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS existe en el archivo /netflow/jspui/popup1.jsp de la zona de administración a través de estos parámetros GET: bussAlert, customDev y selSource. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2... • https://packetstorm.news/files/id/151757 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 9%CPEs: 1EXPL: 4CVE-2019-8925 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8925
19 Feb 2019 — An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value. Se descubrió un problema en Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Una vulnerabilidad Absolute Path ... • https://packetstorm.news/files/id/151757 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 3CVE-2019-7426 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7426
08 Feb 2019 — XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. XSS en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.0.2 en el archivo "/netflow/jspui/linkdownalertConfig.jsp" del groupDesc, groupName, groupID, o parámetro de tarea. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/151585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2019-7425 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7425
08 Feb 2019 — XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Existe Cross-Site Scripting (XSS) en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 en la zona de Administrador en el archivo "/netflow/jspui/linkdownalertConfig.jsp" en el parámetro task. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/151585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 3CVE-2019-7427 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7427
08 Feb 2019 — XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. XSS en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.0.2 en el archivo "/netflow/jspui/linkdownalertConfig.jsp" del parámetro autorefTime o graphTypes. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/151585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2019-7423 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7423
08 Feb 2019 — XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. Existe Cross-Site Scripting (XSS) en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 en la zona de Administrador en el archivo "/netflow/jspui/editProfile.jsp" en el parámetro userName. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/151585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2019-7424 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7424
08 Feb 2019 — XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903. Existe Cross-Site Scripting (XSS) en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 en la zona de Administrador en el archivo "/netflow/jspui/index.jsp" en el parámetro GET view o cualquiera de estos ... • https://packetstorm.news/files/id/151585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2019-7422 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7422
08 Feb 2019 — XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. Existe Cross-Site Scripting (XSS) en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 en la zona de Administrador en el archivo "/netflow/jspui/addMailSettings.jsp" en el parámetro gF. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/151585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10803
https://notcve.org/view.php?id=CVE-2018-10803
10 May 2018 — Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF. Cross-Site Scripting (XSS) en la funcionalidad de adición de credenciales en Zoho ManageEngine NetFlow Analyzer en versiones v12.3 anteriores a la 12.3.125 (build 123125) permite que atacantes remotos inyecten scripts web o HTM... • http://www.securityfocus.com/bid/104251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •