Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Manageengine | Firewall Analyzer | 7.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/80872
- http://osvdb.org/80873
- http://osvdb.org/80874
- http://osvdb.org/80875
- http://packetstormsecurity.org/files/111474/VL-437.txtExploit
- http://secunia.com/advisories/48657Vendor Advisory
- http://www.securityfocus.com/bid/52841Exploit
- http://www.vulnerability-lab.com/get_content.php?id=437
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74538
- http://osvdb.org/80872
- http://osvdb.org/80873
- http://osvdb.org/80874
- http://osvdb.org/80875
- http://packetstormsecurity.org/files/111474/VL-437.txtExploit
- http://secunia.com/advisories/48657Vendor Advisory
FAQ
What is CVE-2012-4889?
CVE-2012-4889 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to creat...
How severe is CVE-2012-4889?
CVE-2012-4889 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4889?
Check the references section above for vendor advisories and patch information. Affected products include: Manageengine Firewall Analyzer.