CVE-2012-1260
Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities
Public Exploits: 3
Exploited in Wild: -
Descriptions
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.
Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
Timeline
- 2012-02-22 CVE Reserved
- 2012-04-12 CVE Published
- 2012-04-19 First Exploit
- 2024-03-05 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/52989 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/74825 | Vdb Entry | |
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/18750 | 2012-04-19 | |
http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html | 2024-08-06 | |
http://www.exploit-db.com/exploits/18750 | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Plixer | Scrutinizer Netflow & Sflow Analyzer | >= 8.6.2.16204 < 9.0.1.19899 | - | Affected |