CVE-2018-12998
MEDIUM EXPLOITED NUCLEIZohocorp Firewall Analyzer - XSS
Title source: ruleDescription
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
Nuclei Templates (1)
Zoho manageengine - Cross-Site Scripting
MEDIUMby pikpikcu
References (4)
Scores
CVSS v3
6.1
EPSS
0.5411
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2025-06-11
CWE
CWE-79
Status
published
Products (5)
zohocorp/firewall_analyzer
zohocorp/manageengine_netflow_analyzer
zohocorp/manageengine_network_configuration_manager
zohocorp/manageengine_opmanager
zohocorp/manageengine_oputils
Published
Jun 29, 2018
Tracked Since
Feb 18, 2026