ManageEngine Firewall Analyzer Multiple XSS
Medium Nessus Plugin ID 90445
Synopsis
The remote web server hosts an application that is affected by multiple cross-site scripting vulnerabilities.
Description
The ManageEngine Firewall Analyzer running on the remote web server is affected by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to execute arbitrary script code in a user's browser session. The XSS vulnerabilities exist in the following scripts:
Note that Nessus has only attempted to exploit the XSS vulnerability in the viewListPageAction.nms script. Also note that a SQL injection vulnerability exists; however, Nessus did not test for this vulnerability.
Solution
Upgrade to ManageEngine Firewall Analyzer version 12.0.