Manageengine · Zoho Manageengine Firewall Analyzer · CVE-2012-4891
**Name of the Vulnerable Software and Affected Versions**
ManageEngine Firewall Analyzer version 7.2
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `url` parameter in the `fw/index2.do` endpoint. This is a different attack vector.
**Recommendations**
For ManageEngine Firewall Analyzer version 7.2, consider restricting access to the `fw/index2.do` endpoint until a fix is available, and avoid using the `url` parameter in this endpoint to minimize the risk of exploitation.