CVE-2012-1261

MEDIUM

Scrutinizer NetFlow & sFlow Analyzer < 8.6.2.16204 - Cross-Site Scripting via Standalone Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1261. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary This is a detailed security advisory from Trustwave SpiderLabs describing multiple vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer, including authentication bypass, SQL injection, and XSS. It provides proof-of-concept examples for each vulnerability but does not include executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Trustwave's SpiderLabs · textwebappsmultiple
https://www.exploit-db.com/exploits/18750

This is a detailed security advisory from Trustwave SpiderLabs describing multiple vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer, including authentication bypass, SQL injection, and XSS. It provides proof-of-concept examples for each vulnerability but does not include executable exploit code.

Classification
Writeup 100%
Attack Type
Auth Bypass | Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: Scrutinizer NetFlow and sFlow Analyzer 8.6.2 (8.6.2.16204)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/18750
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/52989
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/74827

Scores

CVSS v3 6.1
EPSS 0.0222
EPSS Percentile 80.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
plixer/scrutinizer_netflow_\&_sflow_analyzer < 8.6.2.16204
Published Jan 09, 2020
Tracked Since Feb 18, 2026