CVE-2019-11676

MEDIUM

Zoho ManageEngine Firewall Analyzer <12.3 - XSS

Title source: llm
STIX 2.1

Description

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.

References (1)

Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.manageengine.com/products/firewall/release-notes.html

Scores

CVSS v3 6.1
EPSS 0.0129
EPSS Percentile 79.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (10)
zohocorp/manageengine_firewall_analyzer 7.2 7020 (2 CPE variants)
zohocorp/manageengine_firewall_analyzer 7.4 7400
zohocorp/manageengine_firewall_analyzer 7.6 7600
zohocorp/manageengine_firewall_analyzer 8.0 8000
zohocorp/manageengine_firewall_analyzer 8.1 8110
zohocorp/manageengine_firewall_analyzer 8.3 8300
zohocorp/manageengine_firewall_analyzer 8.5 8500
zohocorp/manageengine_firewall_analyzer 12.0 12000
zohocorp/manageengine_firewall_analyzer 12.2 12200
zohocorp/manageengine_firewall_analyzer 12.3 12300 (26 CPE variants)
Published May 02, 2019
Tracked Since Feb 18, 2026