CVE-2018-10803

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine NetFlow Analyzer versions prior to 12.3.125 (build 123125)

Description A cross-site scripting (XSS) issue exists in the add credentials functionality, allowing remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through Cross-Site Request Forgery (CSRF).

Recommendations For versions prior to 12.3.125 (build 123125), update to version 12.3.125 (build 123125) or later to resolve the issue. As a temporary workaround, consider restricting access to the add credentials functionality to minimize the risk of exploitation. Avoid using crafted description values in the affected functionality until the issue is resolved.