CVE-2007-3593

Name of the Vulnerable Software and Affected Versions ManageEngine NetFlow Analyzer versions 5

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters in different API endpoints, including the alpha parameter in "/netflow/jspui/applicationList.jsp", the task parameter in "/netflow/jspui/appConfig.jsp", the view parameter in "/netflow/jspui/index.jsp", and the rtype parameter in both "/netflow/jspui/selectDevice.jsp" and "/netflow/jspui/customReport.jsp".

Recommendations For ManageEngine NetFlow Analyzer version 5, update to a version that includes the fix for these XSS vulnerabilities. As a temporary workaround, consider restricting access to the vulnerable API endpoints, such as "/netflow/jspui/applicationList.jsp", "/netflow/jspui/appConfig.jsp", "/netflow/jspui/index.jsp", "/netflow/jspui/selectDevice.jsp", and "/netflow/jspui/customReport.jsp", until a patch is available.