Medium severity6.1NVD Advisory· Published Jun 29, 2018· Updated Jun 17, 2026

CVE-2018-12998

Description

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Zoho/OpManagerllm-create
Range: <123148
Zoho/ManageEngine Netflow Analyzer Professionalllm-fuzzy
Range: <123137
Zoho/ManageEngine Network Configuration Managerllm-fuzzy
Range: <123128

Patches

Vulnerability mechanics

References

packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.htmlnvdExploitThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2018/Jul/75nvdExploitMailing ListThird Party Advisory
www.cnnvd.org.cn/web/xxk/ldxqById.tagnvdExploitThird Party Advisory
github.com/unh3x/just4cve/issues/10nvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.079
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000