Security Updates - CVE Database

 

CVE-2018-10803

Cross-site Scripting (XSS) vulnerability

Vulnerability Details
Impact CVSS V3 rating: 6.1 (Medium)
Reported 25 April 2018
Fixed 18 May 2018
Affected Builds Till Build 123122
Fixed in Build 123125
Overview Vulnerability in Cross-site Scripting (XSS)
Recommended Fix Upgrade to NetFlow Analyzer Version 12.3.125 or above.

Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer 123122. Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.

We recommend that you upgrade to NetFlow Analyzer version 12.3.125 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-10803 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com