CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-7427 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7427
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. XSS en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.0.2 en el archivo "/netflow/jspui/linkdownalertConfig.jsp" del parámetro autorefTime o graphTypes. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html http://seclists.org/fulldisclosure/2019/Feb/29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-7423 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7423
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. Existe Cross-Site Scripting (XSS) en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 en la zona de Administrador en el archivo "/netflow/jspui/editProfile.jsp" en el parámetro userName. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html http://seclists.org/fulldisclosure/2019/Feb/29 https://www.manageengine.com/products/netflow/?doc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-7426 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7426
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. XSS en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.0.2 en el archivo "/netflow/jspui/linkdownalertConfig.jsp" del groupDesc, groupName, groupID, o parámetro de tarea. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html http://seclists.org/fulldisclosure/2019/Feb/29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 92EXPL: 0CVE-2018-20664
https://notcve.org/view.php?id=CVE-2018-20664
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. Zoho ManageEngine ADSelfService Plus, en sus versiones 5.x antes del build 5701, tiene XEE (XML External Entity) mediante una licencia de producto subida. • https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20664 https://www.manageengine.com/products/self-service-password/release-notes.html#5701 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 1%CPEs: 101EXPL: 0CVE-2019-3905
https://notcve.org/view.php?id=CVE-2019-3905
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Zoho ManageEngine ADSelfService Plus, en sus versiones 5.x antes del build 5703, tiene Server-Side Request Forgery (SSRF). • https://www.excellium-services.com/cert-xlm-advisory/cve-2019-3905 https://www.manageengine.com/products/self-service-password/release-notes.html#5703 • CWE-918: Server-Side Request Forgery (SSRF) •