CVE-2019-8929

MEDIUM

ManageEngine Netflow Analyzer 7.0.0.2 - Cross-Site Scripting via Device Selection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8929. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary This is a writeup documenting multiple XSS and path traversal vulnerabilities in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2. It includes descriptions, PoC URLs, and mitigation advice but does not contain executable exploit code.

Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.

Exploits (1)

exploitdb WRITEUP
by Rafael Pedrero · htmlwebappsjsp
https://www.exploit-db.com/exploits/46425

This is a writeup documenting multiple XSS and path traversal vulnerabilities in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2. It includes descriptions, PoC URLs, and mitigation advice but does not contain executable exploit code.

Classification
Writeup 100%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2
Auth required
Prerequisites: Authenticated access to the administration zone
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46425/
Product, Vendor Advisory x_refsource_misc
https://www.manageengine.com/products/netflow/?doc
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Feb/45

Scores

CVSS v3 6.1
EPSS 0.0256
EPSS Percentile 85.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
zohocorp/manageengine_netflow_analyzer 7.0.0.2
Published May 17, 2019
Tracked Since Feb 18, 2026