CVE-2018-10803: XSS
First published: Thu May 10 2018(Updated: )
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoho ManageEngine NetFlow Analyzer | >=12.3<12.3.125 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-10803.
What software is affected by this vulnerability?
The Zoho ManageEngine NetFlow Analyzer version 12.3 before 12.3.125 (build 123125) is affected by this vulnerability.
How does this vulnerability occur?
This vulnerability occurs due to a cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer.
What is the impact of this vulnerability?
This vulnerability allows remote attackers to inject arbitrary web script or HTML through a crafted description value, leading to potential cross-site scripting attacks.
How can this vulnerability be exploited?
This vulnerability can be exploited through CSRF (Cross-Site Request Forgery) attacks.
- agent/weakness
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/zoho manageengine netflow analyzer
- version/zoho manageengine netflow analyzer/12.3