CVE-2012-1261

Name of the Vulnerable Software and Affected Versions Plixer International Scrutinizer NetFlow and sFlow Analyzer versions 8.6.2.16204 through 9.0.1.19898

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the standalone parameter in the cgi-bin/scrut fa exclusions.cgi endpoint. This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For versions 8.6.2.16204 through 9.0.1.19898, update to version 9.0.1.19899 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin/scrut fa exclusions.cgi endpoint to minimize the risk of exploitation. Avoid using the standalone parameter in the affected endpoint until the issue is resolved.