CVE-2019-11676: XSS
First published: Thu May 02 2019(Updated: )
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Firewall Analyzer | =7.2-7020 | |
| Zohocorp Manageengine Firewall Analyzer | =7.2-7021 | |
| Zohocorp Manageengine Firewall Analyzer | =7.4-7400 | |
| Zohocorp Manageengine Firewall Analyzer | =7.6-7600 | |
| Zohocorp Manageengine Firewall Analyzer | =8.0-8000 | |
| Zohocorp Manageengine Firewall Analyzer | =8.1-8110 | |
| Zohocorp Manageengine Firewall Analyzer | =8.3-8300 | |
| Zohocorp Manageengine Firewall Analyzer | =8.5-8500 | |
| Zohocorp Manageengine Firewall Analyzer | =12.0-12000 | |
| Zohocorp Manageengine Firewall Analyzer | =12.2-12200 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-12300 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123008 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123027 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123045 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123057 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123064 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123070 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123083 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123092 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123126 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123129 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123137 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123151 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123156 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123164 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123169 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123177 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123182 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123185 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123186 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123194 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123197 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123208 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123218 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123222 | |
| Zohocorp Manageengine Firewall Analyzer | =12.3-123223 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-11676?
CVE-2019-11676 is a vulnerability in Zoho ManageEngine Firewall Analyzer that allows for stored XSS attacks through user-defined DNS names.
What is the severity of CVE-2019-11676?
CVE-2019-11676 has a severity level of 6.1 (Medium).
Which versions of Zoho ManageEngine Firewall Analyzer are affected by CVE-2019-11676?
Versions 7.2-7020 to 12.3-123223 of Zoho ManageEngine Firewall Analyzer are affected by CVE-2019-11676.
How can I fix the CVE-2019-11676 vulnerability?
To fix the CVE-2019-11676 vulnerability, update Zoho ManageEngine Firewall Analyzer to version 12.3 Build 123224 or later.
Where can I find more information about CVE-2019-11676?
More information about CVE-2019-11676 can be found in the release notes of Zoho ManageEngine Firewall Analyzer at the following link: [link](https://www.manageengine.com/products/firewall/release-notes.html)
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine firewall analyzer
- version/zohocorp manageengine firewall analyzer/7.2-7020
- version/zohocorp manageengine firewall analyzer/7.2-7021
- version/zohocorp manageengine firewall analyzer/7.4-7400
- version/zohocorp manageengine firewall analyzer/7.6-7600
- version/zohocorp manageengine firewall analyzer/8.0-8000
- version/zohocorp manageengine firewall analyzer/8.1-8110
- version/zohocorp manageengine firewall analyzer/8.3-8300
- version/zohocorp manageengine firewall analyzer/8.5-8500
- version/zohocorp manageengine firewall analyzer/12.0-12000
- version/zohocorp manageengine firewall analyzer/12.2-12200
- version/zohocorp manageengine firewall analyzer/12.3-12300
- version/zohocorp manageengine firewall analyzer/12.3-123008
- version/zohocorp manageengine firewall analyzer/12.3-123027
- version/zohocorp manageengine firewall analyzer/12.3-123045
- version/zohocorp manageengine firewall analyzer/12.3-123057
- version/zohocorp manageengine firewall analyzer/12.3-123064
- version/zohocorp manageengine firewall analyzer/12.3-123070
- version/zohocorp manageengine firewall analyzer/12.3-123083
- version/zohocorp manageengine firewall analyzer/12.3-123092
- version/zohocorp manageengine firewall analyzer/12.3-123126
- version/zohocorp manageengine firewall analyzer/12.3-123129
- version/zohocorp manageengine firewall analyzer/12.3-123137
- version/zohocorp manageengine firewall analyzer/12.3-123151
- version/zohocorp manageengine firewall analyzer/12.3-123156
- version/zohocorp manageengine firewall analyzer/12.3-123164
- version/zohocorp manageengine firewall analyzer/12.3-123169
- version/zohocorp manageengine firewall analyzer/12.3-123177
- version/zohocorp manageengine firewall analyzer/12.3-123182
- version/zohocorp manageengine firewall analyzer/12.3-123185
- version/zohocorp manageengine firewall analyzer/12.3-123186
- version/zohocorp manageengine firewall analyzer/12.3-123194
- version/zohocorp manageengine firewall analyzer/12.3-123197
- version/zohocorp manageengine firewall analyzer/12.3-123208
- version/zohocorp manageengine firewall analyzer/12.3-123218
- version/zohocorp manageengine firewall analyzer/12.3-123222
- version/zohocorp manageengine firewall analyzer/12.3-123223