CVE-2019-7423: XSS
First published: Sun Mar 17 2019(Updated: )
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Netflow Analyzer | =7.0.0.2 | |
| =7.0.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability?
The vulnerability ID for this XSS vulnerability is CVE-2019-7423.
What is the affected software in this vulnerability?
The affected software in this vulnerability is Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2.
What is the severity of CVE-2019-7423?
The severity of CVE-2019-7423 is medium with a CVSS score of 6.1.
How can the XSS be exploited in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2?
The XSS vulnerability can be exploited in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 through the userName parameter in the "/netflow/jspui/editProfile.jsp" file.
Is there a fix available for this vulnerability?
At the time of writing, there is no specific fix available for CVE-2019-7423. It is recommended to monitor the vendor's website for any updates or patches.
- collector/nvd-index
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/zohocorp
- canonical/zohocorp manageengine netflow analyzer
- version/zohocorp manageengine netflow analyzer/7.0.0.2