ManageEngine Firewall Analyzer 8.3 Reflected Cross-site Scripting Vulnerability

  • Post author:
  • Reading time:1 mins read

SecPod Research Team member (Thanga Prakash) has found Multiple Reflected Cross-site

Scripting Vulnerabilities in ManageEngine Firewall Analyzer. The vulnerability is caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data.

Complete Advisory information can be found here.

Advisory in CVRF format can be found here.

Welcome any feedback or suggestions.
Cheers!
SecPod Research Team

Share this article