CVE-2012-4889
published 2012-09-10CVE-2012-4889: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the…
PriorityP425medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
7.72%
93.9th percentile
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | firewall_analyzer | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q45h-39rg-jm9r: Cross-site scripting (XSS) vulnerability in fw/index2
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2012-4891 [MEDIUM] CWE-79 GHSA-q45h-39rg-jm9r: Cross-site scripting (XSS) vulnerability in fw/index2
Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA
GHSA-jx3c-6xm2-5287: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7
ghsa_unreviewed·2022-05-17
CVE-2012-4889 [MEDIUM] CWE-79 GHSA-jx3c-6xm2-5287: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
No detection rules found.
Exploit-DB
ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting
exploitdb·2015-01-29
CVE-2012-4891 ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting
ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting
---
################################################################################################
# #
# ...:::::ManageEngine Firewall Analyzer Directory Traversal/XSS Vulnerabilities::::.... #
# #############################################################################################
Sobhan System Network & Security Group (sobhansys)
# Date: 2015-01-28
# Exploit Author: AmirHadi Yazdani (Sobhansys Co)
# Vendor Homepage: http://www.manageengine.com/products/firewall/
# Demo Link: http://demo.fwanalyzer.com/
#Affected version: <= Build Version : 8.0
About ManageEngine Firewall Analyzer (From Vendor Site) :
ManageEngine Firewall Analyzer is an agent less log analytics and configuration management sof
Exploit-DB
ManageEngine Firewall Analyzer 7.2 - 'fw/createAnomaly.do?subTab' Cross-Site Scripting
exploitdb·2012-04-01
CVE-2012-4889 ManageEngine Firewall Analyzer 7.2 - 'fw/createAnomaly.do?subTab' Cross-Site Scripting
ManageEngine Firewall Analyzer 7.2 - 'fw/createAnomaly.do?subTab' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/52841/info
Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Firewall Analyzer 7.2 is affected; other versions may also be vulnerable.
http://www.example.com.com/fw/createAnomaly.do?subTab=%22%3E%3Cscript%3Ealert%281337%29%3C/script%3EaddAlert&;
tab=alert%22%3E%3Cscript%3Ealert%28vlab%29%3C/script%3E&demoConfigure=true
Exploit-DB
ManageEngine Firewall Analyzer 7.2 - '/fw/index2.do' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2012-04-01
CVE-2012-4889 ManageEngine Firewall Analyzer 7.2 - '/fw/index2.do' Multiple Cross-Site Scripting Vulnerabilities
ManageEngine Firewall Analyzer 7.2 - '/fw/index2.do' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/52841/info
Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Firewall Analyzer 7.2 is affected; other versions may also be vulnerable.
http://www.example.com/fw/index2.do?url=adminHome&tab=system%22%3E%3Cscript%3Ealert%28%27vlab%27%29%3C/script%3El
Exploit-DB
ManageEngine Firewall Analyzer 7.2 - 'fw/syslogViewer.do?port' Cross-Site Scripting
exploitdb·2012-04-01
CVE-2012-4889 ManageEngine Firewall Analyzer 7.2 - 'fw/syslogViewer.do?port' Cross-Site Scripting
ManageEngine Firewall Analyzer 7.2 - 'fw/syslogViewer.do?port' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/52841/info
Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Firewall Analyzer 7.2 is affected; other versions may also be vulnerable.
http://www.example.com/fw/syslogViewer.do?port=%22%3E%3Cscript%3Ealert%28vlab%29%3C/script%3E
Exploit-DB
ManageEngine Firewall Analyzer 7.2 - 'fw/mindex.do?url' Cross-Site Scripting
exploitdb·2012-04-01
CVE-2012-4889 ManageEngine Firewall Analyzer 7.2 - 'fw/mindex.do?url' Cross-Site Scripting
ManageEngine Firewall Analyzer 7.2 - 'fw/mindex.do?url' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/52841/info
Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Firewall Analyzer 7.2 is affected; other versions may also be vulnerable.
http://www.example.com/fw/mindex.do?url=%22%3E%3Cscript%3Ealert%28%27vlab%27%29%3C/script%3EliveReportDash%22%3E
%3Cscript%3Ealert%28%27vlab%27%29%3C/script%3E&subTab=%22%3E%3Cscript%3Ealert%28%27vlab%27%29%3C/
Nuclei
ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
nuclei·CVSS 4.3
CVE-2012-4889 [MEDIUM] ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
Template:
id: CVE-2012-4889
info:
name: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to min
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
NoiseLetter October 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Bugzilla
CVE-2012-1585 openstack-nova: Long server names grow nova-api log files significantly [fedora-17]
bugzilla·2012-03-29·CVSS 4.0
CVE-2012-1585 [MEDIUM] CVE-2012-1585 openstack-nova: Long server names grow nova-api log files significantly [fedora-17]
CVE-2012-1585 openstack-nova: Long server names grow nova-api log files significantly [fedora-17]
please see the bug #808146 for more details on this vulnerability
Discussion:
openstack-nova-2012.1-0.10.rc1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/openstack-nova-2012.1-0.10.rc1.fc17
---
Package openstack-nova-2012.1-0.10.rc1.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openstack-nova-2012.1-0.10.rc1.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-4889/openstack-nova-2012.1-0.10.rc1.fc17
then log in and leave
http://osvdb.org/80872http://osvdb.org/80873http://osvdb.org/80874http://osvdb.org/80875http://packetstormsecurity.org/files/111474/VL-437.txthttp://secunia.com/advisories/48657http://www.securityfocus.com/bid/52841http://www.vulnerability-lab.com/get_content.php?id=437https://exchange.xforce.ibmcloud.com/vulnerabilities/74538http://osvdb.org/80872http://osvdb.org/80873http://osvdb.org/80874http://osvdb.org/80875http://packetstormsecurity.org/files/111474/VL-437.txthttp://secunia.com/advisories/48657http://www.securityfocus.com/bid/52841http://www.vulnerability-lab.com/get_content.php?id=437https://exchange.xforce.ibmcloud.com/vulnerabilities/74538
2012-09-10
Published