CVE-2012-4889

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.

Published: Sep 11, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-4889
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
manageengine / firewall_analyzer	7.2	7.2.x

http://osvdb.org/80872
http://osvdb.org/80873
http://osvdb.org/80874
http://osvdb.org/80875
http://packetstormsecurity.org/files/111474/VL-437.txt
http://secunia.com/advisories/48657
http://www.securityfocus.com/bid/52841
http://www.vulnerability-lab.com/get_content.php?id=437
https://exchange.xforce.ibmcloud.com/vulnerabilities/74538

Vulnerability Database

CVE-2012-4889