Unh3X

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Netflow Analyzer versions prior to build 123137 Zoho ManageEngine Network Configuration Manager versions prior to build 123128 Zoho ManageEngine OpManager versions prior to build 123148 Zoho ManageEngine OpUtils versions prior to build 123161 Zoho ManageEngine Firewall Analyzer versions prior to build 123147 **Description** A reflected Cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `operation` parameter to the "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet" API endpoint. **Recommendations** For Zoho ManageEngine Netflow Analyzer versions prior to build 123137, update to build 123137 or later. For Zoho ManageEngine Network Configuration Manager versions prior to build 123128, update to build 123128 or later. For Zoho ManageEngine OpManager versions prior to build 123148, update to build 123148 or later. For Zoho ManageEngine OpUtils versions prior to build 123161, update to build 123161 or later. For Zoho ManageEngine Firewall Analyzer versions prior to build 123147, update to build 123147 or later. As a temporary workaround, consider restricting access to the "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet" API endpoint and avoid using the `operation` parameter until a patch is applied.