CVE-2019-8926

MEDIUM

ManageEngine Netflow Analyzer Professional 7.0.0.2 - Cross-Site Scripting via Administration Zone Popup Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8926. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary: This is a writeup documenting multiple XSS and path traversal vulnerabilities in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2. It includes descriptions, PoC URLs, and mitigation advice but does not contain executable exploit code.

Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.

Exploits (1)

exploitdb WRITEUP
by Rafael Pedrero · html, webapps, jsp
https://www.exploit-db.com/exploits/46425

Classification: Writeup 100%
Attack Type: XSS | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2
Auth required
Prerequisites: Authenticated access to the administration zone
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2019/Feb/45
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46425/

Scores

CVSS v3: 6.1
EPSS: 0.0165
EPSS Percentile: 82.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): zohocorp/manageengine_netflow_analyzer 7.0.0.2
Published: May 17, 2019
Tracked Since: Feb 18, 2026