ManageEngine EventLog Analyzer
by Zoho
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10075 | Med | 0.40 | 6.1 | 0.01 | Jul 2, 2018 | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | ||
| CVE-2017-11687 | Med | 0.40 | 6.1 | 0.01 | Jul 27, 2017 | Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. | ||
| CVE-2017-11686 | Med | 0.40 | 6.1 | 0.02 | Jul 27, 2017 | Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. | ||
| CVE-2017-11685 | Med | 0.40 | 6.1 | 0.01 | Jul 27, 2017 | Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. | ||
| CVE-2014-5103 | 0.00 | — | 0.04 | Jul 25, 2014 | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000. |
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.
- risk 0.40cvss 6.1epss 0.01
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
- risk 0.40cvss 6.1epss 0.02
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
- risk 0.40cvss 6.1epss 0.01
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
- CVE-2014-5103Jul 25, 2014risk 0.00cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000.