CVE-2019-11676

Published: May 2, 2019Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.

Affected (36)

Products: Zohocorp: Manageengine Firewall Analyzer

Zohocorp

1 product

Manageengine Firewall Analyzer

Configuration A

36 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Firewall Analyzer	Version 12.0 12000
Zohocorp Manageengine Firewall Analyzer	Version 12.2 12200
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123008
Zohocorp Manageengine Firewall Analyzer	Version 12.3 12300
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123027
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123045
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123057
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123064
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123070
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123083
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123092
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123126
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123129
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123137
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123151
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123156
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123164
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123169
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123177
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123182
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123185
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123186
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123194
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123197
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123208
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123218
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123222
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123223
Zohocorp Manageengine Firewall Analyzer	Version 7.2 7020
Zohocorp Manageengine Firewall Analyzer	Version 7.2 7021
Zohocorp Manageengine Firewall Analyzer	Version 7.4 7400
Zohocorp Manageengine Firewall Analyzer	Version 7.6 7600
Zohocorp Manageengine Firewall Analyzer	Version 8.0 8000
Zohocorp Manageengine Firewall Analyzer	Version 8.1 8110
Zohocorp Manageengine Firewall Analyzer	Version 8.3 8300
Zohocorp Manageengine Firewall Analyzer	Version 8.5 8500

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.manageengine.com/products/firewall/release-notes.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.manageengine.com/products/firewall/release-notes.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.