CVE-2019-8926: XSS
First published: Fri May 17 2019(Updated: )
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Netflow Analyzer | =7.0.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-8926.
What is the severity of CVE-2019-8926?
The severity of CVE-2019-8926 is medium, with a CVSS score of 6.1.
What software is affected by CVE-2019-8926?
Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 is affected by CVE-2019-8926.
How does the vulnerability manifest in Zoho ManageEngine Netflow Analyzer Professional?
The vulnerability manifests as a cross-site scripting (XSS) issue in the Administration zone /netflow/jspui/popup1.jsp file via the GET parameters bussAlert, customDev, and selSource.
Are there any known exploits for CVE-2019-8926?
Yes, there are known exploits for CVE-2019-8926. Please refer to the provided references for more information.
- collector/nvd-index
- vendor/zohocorp
- canonical/zohocorp manageengine netflow analyzer
- version/zohocorp manageengine netflow analyzer/7.0.0.2