CVE-2012-1260

N/A

Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.

N/A

N/A

Plixer Scrutinizer NetFlow & sFlow Analyzer 跨站脚本漏洞

Plixer Scrutinizer NetFlow & sFlow Analyzer是美国Plixer公司的一套网络流量分析系统。该系统提供流量监视、上下文取证和安全分析等功能。 Plixer Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204及之后版本（9.0.1.19899版本已修复）中的cgi-bin/userprefs.cgi文件存在跨站脚本漏洞。远程攻击者可借助‘newUser’参数利用该漏洞注入任意的Web脚本或HTML。

N/A

N/A