CVE-2019-8927

MEDIUM

ManageEngine Netflow Analyzer Professional 7.0.0.2 - Stored Cross-Site Scripting via Schedule Configuration Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8927. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary This is a writeup documenting multiple XSS and path traversal vulnerabilities in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2. It includes descriptions, PoC URLs, and mitigation advice but does not contain executable exploit code.

Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.

Exploits (1)

exploitdb WRITEUP

by Rafael Pedrero · htmlwebappsjsp

https://www.exploit-db.com/exploits/46425

View Code ZIP pw:eip

This is a writeup documenting multiple XSS and path traversal vulnerabilities in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2. It includes descriptions, PoC URLs, and mitigation advice but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2

Auth required

Prerequisites: Authenticated access to the administration zone

MITRE ATT&CK

T1059.007 - JavaScript T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html

Product, Vendor Advisory x_refsource_misc

https://www.manageengine.com/products/netflow/?doc

Exploit, Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2019/Feb/45

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/46425/

Scores

CVSS v3 6.1

EPSS 0.0221

EPSS Percentile 84.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

zohocorp/manageengine_netflow_analyzer 7.0.0.2

Published May 17, 2019

Tracked Since Feb 18, 2026