Severity: High
ZVE ID: ZVE-2025-7373
| Product name | Affected Version(s) | Fixed Version(s) | Fixed On |
|---|---|---|---|
| OpManager, OpManager Enterprise Edition, OpManager Plus, OpManager Plus Enterprise Edition, OpManager MSP, Network Configuration Manager, Network Configuration Enterprise Edition, NetFlow Analyzer, NetFlow Analyzer Enterprise Edition, Firewall Analyzer, Firewall Analyzer Enterprise Edition, OpUtils | 12.8.655 to 12.8.664 | 12.8.665 | 09-01-2026 |
| | 12.8.594 to 12.8.632 | 12.8.633 | 07-01-2026 |
| | 12.8.344 to 12.8.588 | 12.8.589 | 13-01-2026 |
Details:
A DOM-based XSS vulnerability was identified in Upgrade Manager Settings due to improper handling of message data in HTML. This issue has now been fixed.
Impact:
This vulnerability could allow a remote attacker to inject and execute arbitrary JavaScript in the authenticated user’s browser, which could result in unauthorized access to sensitive information or unintended user actions.
Fix:
The issue was mitigated by enforcing strict input validation and securely rendering sanitized data to prevent execution of HTML or scripts.
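The class of fix described above (validate the message, then render it as encoded text) is sketched below as an added illustration. It is not the vendor's code: the message shape, the allowed types, the length limit and all function names are assumptions, and the sample input is constructed.

```javascript
// Assumed message shape: { type: string, text: string }. Names are hypothetical.
const MESSAGE_TYPES = new Set(["info", "warning", "error"]);
const MAX_TEXT_LENGTH = 500;

// Encode the characters that are significant in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before" pattern: message fields are concatenated into markup unchanged,
// so any tags they contain are parsed by the browser when assigned to innerHTML.
function renderUnsafe(msg) {
  return '<div class="msg ' + msg.type + '">' + msg.text + "</div>";
}

// Strict validation: allowlisted type, bounded string text, nothing else copied.
function validateMessage(msg) {
  if (msg === null || typeof msg !== "object") {
    throw new TypeError("message must be an object");
  }
  if (!MESSAGE_TYPES.has(msg.type)) {
    throw new RangeError("unknown message type");
  }
  if (typeof msg.text !== "string" || msg.text.length > MAX_TEXT_LENGTH) {
    throw new RangeError("invalid message text");
  }
  return { type: msg.type, text: msg.text };
}

// "After" pattern: validate first, then encode the free-text field on output.
function renderSafe(msg) {
  const { type, text } = validateMessage(msg);
  return `<div class="msg ${type}">${escapeHtml(text)}</div>`;
}

// Constructed sample message carrying markup in its text field.
const SAMPLE = { type: "info", text: 'Upgrade <img src=x onerror="alert(1)"> done' };

console.log(renderUnsafe(SAMPLE)); // markup survives intact
console.log(renderSafe(SAMPLE));   // markup is rendered as inert text
```

In browser code, assigning the value to `element.textContent` instead of building an HTML string removes the need for manual encoding.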
Steps to upgrade:
Source and Acknowledgements
This vulnerability was reported by Daniel Santos.
Kindly contact our product support teams for further details, at the email address mentioned below: