Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2012-1260

Published: 09/01/2020 Updated: 22/01/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Scrutinizer Netflow \& Sflow Analyzer

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions prior to 9.0.1.19899, allows remote malicious users to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

plixer scrutinizer netflow \\& sflow analyzer

Exploits

Exploit DB: Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities
Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer wwwtrustwavecom/spiderlabs/advisories/TWSL2012-008txt Published: 04/11/12 Version: 10 Vendor: Plixer International (wwwplixercom) Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: 862 ( ...
Exploit DB: Scrutinizer 8.6.2 Bypass / Cross Site Scripting / SQL Injection
Scrutinizer NetFlow and sFlow Analyzer version 862 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities ...

References

CWE-79http://www.securityfocus.com/bid/52989https://exchange.xforce.ibmcloud.com/vulnerabilities/74825http://www.exploit-db.com/exploits/18750http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.htmlhttps://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/https://nvd.nist.govhttps://www.exploit-db.com/exploits/18750/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook