CVE-2012-4889

NUCLEI

ManageEngine Firewall Analyzer 7.2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Vulnerability Research Laboratory · textwebappsjava
https://www.exploit-db.com/exploits/37029
exploitdb WORKING POC VERIFIED
by Vulnerability Research Laboratory · textwebappsjava
https://www.exploit-db.com/exploits/37030
exploitdb WORKING POC VERIFIED
by Vulnerability Research Laboratory · textwebappsjava
https://www.exploit-db.com/exploits/37032
exploitdb WORKING POC VERIFIED
by Vulnerability Research Laboratory · textwebappsjava
https://www.exploit-db.com/exploits/37031
exploitdb WORKING POC
webappshardware
https://www.exploit-db.com/exploits/35933

Nuclei Templates (1)

ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
MEDIUMby daffainfo

References (9)

Scores

EPSS 0.0376
EPSS Percentile 87.9%

Classification

CWE
CWE-79
Status published

Affected Products (2)

manageengine/firewall_analyzer
n/a/n/a

Timeline

Published Sep 10, 2012
Tracked Since Feb 18, 2026