| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 6.1 (Medium) |
| Reported | 25 April 2018 |
| Fixed | 18 May 2018 |
| Affected Builds | Till Build 123122 |
| Fixed in | Build 123125 |
| Overview | Vulnerability in Cross-site Scripting (XSS) |
| Recommended Fix | Upgrade to NetFlow Analyzer Version 12.3.125 or above. |
An issue was discovered in Zoho ManageEngine Netflow Analyzer 123122. Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.
We recommend that you upgrade to NetFlow Analyzer version 12.3.125 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2018-10803 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com