CVE-2012-1260

MEDIUM

Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204-9.0.1.19899 - Cross-Site Scripting via newUser Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1260. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary This is a detailed security advisory from Trustwave SpiderLabs describing multiple vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer, including authentication bypass, SQL injection, and XSS. It provides proof-of-concept examples for each vulnerability but does not include executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Trustwave's SpiderLabs · textwebappsmultiple
https://www.exploit-db.com/exploits/18750

This is a detailed security advisory from Trustwave SpiderLabs describing multiple vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer, including authentication bypass, SQL injection, and XSS. It provides proof-of-concept examples for each vulnerability but does not include executable exploit code.

Classification
Writeup 100%
Attack Type
Auth Bypass | Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: Scrutinizer NetFlow and sFlow Analyzer 8.6.2 (8.6.2.16204)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 6.1
EPSS 0.0226
EPSS Percentile 80.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
plixer/scrutinizer_netflow_\&_sflow_analyzer 8.6.2.16204 - 9.0.1.19899
Published Jan 09, 2020
Tracked Since Feb 18, 2026