470 matches found
CVE-2019-8927
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, repschedule, repType, schDesc,...
CVE-2019-8928
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName...
CVE-2019-8927
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, repschedule, repType, schDesc,...
CVE-2019-8929
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype...
Cross site scripting
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, repschedule, repType, schDesc,...
CVE-2019-8926
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource...
Cross site scripting
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource...
CVE-2019-8926
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource...
CVE-2019-8929
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype...
CVE-2019-8929
The CVE-2019-8929 entry affects Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. It describes a stored/reflective cross-site scripting (XSS) vulnerability in the Administration zone, specifically in the /netflow/jspui/selectDevice.jsp page, exploitable via the GET parameters param and rty...
CVE-2019-8928
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName...
CVE-2019-8928
CVE-2019-8928 affects Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. The vulnerability is a cross-site scripting (XSS) flaw in the web UI, exposed in /netflow/jspui/userManagementForm.jsp via the GET parameters: authMeth, passWord, pwd1, and userName. The NVD entry lists a CVSS v2 base ...
CVE-2019-8927
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, repschedule, repType, schDesc,...
CVE-2019-8927
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 is affected by an XSS vulnerability in the Adminstration zone (/netflow/jspui/scheduleConfig.jsp) via multiple GET parameters (devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, s...
CVE-2019-8926
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource...
CVE-2019-8926
CVE-2019-8926 affects Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. The vulnerability is a reflected cross-site scripting (XSS) in the Admin zone, specifically in /netflow/jspui/popup1.jsp, exploitable via GET parameters bussAlert, customDev, and selSource. The technical details in con...
CVE-2019-8925
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet via the parameter schFilePath, allows remote authenticated users to bypass intended SecurityManager...
CVE-2019-8925
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet via the parameter schFilePath, allows remote authenticated users to bypass intended SecurityManager...
Path traversal
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet via the parameter schFilePath, allows remote authenticated users to bypass intended SecurityManager...
CVE-2019-8925
CVE-2019-8925 affects Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. The issue is an Absolute Path Traversal in the Administration zone, exploited via the parameter schFilePath to /netflow/servlet/CReportPDFServlet. This allows remote authenticated users to bypass SecurityManager restri...