VYPR

ManageEngine EventLog Analyzer

by Zoho

CVEs (5)

  • CVE-2018-10075MedJul 2, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.

  • CVE-2017-11687MedJul 27, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.

  • CVE-2017-11686MedJul 27, 2017
    risk 0.40cvss 6.1epss 0.02

    Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.

  • CVE-2017-11685MedJul 27, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.

  • CVE-2014-5103Jul 25, 2014
    risk 0.00cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000.