CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10803
https://notcve.org/view.php?id=CVE-2018-10803
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF. Cross-Site Scripting (XSS) en la funcionalidad de adición de credenciales en Zoho ManageEngine NetFlow Analyzer en versiones v12.3 anteriores a la 12.3.125 (build 123125) permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un valor de descripción manipulado. Esto puede explotarse mediante Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/104251 https://www.manageengine.com/products/netflow/readme.html#123125 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •