================================================================
ManageEngine Firewall Analyzer 8.5– Multiple Cross-Site Scripting Vulnerability
================================================================
Information
---------------------------------------------------------------------------------------------------------------------------------
Vulnerability Type : Multiple Cross Site Scripting Vulnerability
Vulnerable Version : 8.5
CVE-ID :
Severity : High
Author – Sachin Wagh (@tiger_tigerboy)
Description
---------------------------------------------------------------------------------------------------------------------------------
ManageEngine Firewall Analyzer is an agent less log analytics and configuration management software that helps network administrators to centrally collect,
archive, analyze their security device logs and generate forensic reports out of it.
ManageEngine Firewall Analyzer is prone to Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site.
Proof of Concept URL
-----------------------------------------------------------------------------------------------------------------------------------
Please find attached POC.
Affected Product:
-------------------------------------------------------------------------------------------------------------------------------------
Vulnerable Product:
[+] ManageEngine Firewall Analyzer 8.5
Credits & Authors
-------------------------------------------------------------------------------------------------------------------------------------
Sachin Wagh (@tiger_tigerboy)
Thanks