CVE-2012-1260

Name of the Vulnerable Software and Affected Versions Plixer International Scrutinizer NetFlow & sFlow Analyzer versions 8.6.2.16204 through 9.0.1.19899

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the newUser parameter in the cgi-bin/userprefs.cgi file. This might not be considered a vulnerability if an administrator already has the privileges to create arbitrary script.

Recommendations For versions 8.6.2.16204 through 9.0.1.19899, update to version 9.0.1.19899 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin/userprefs.cgi file to minimize the risk of exploitation. Avoid using the newUser parameter in the affected API endpoint until the issue is resolved.