Cross-Site Scripting Vulnerability in ManageEngine EventLog Analyzer
CVE-2008-1538

Currently unrated

Key Information:

Vendor: Manageengine
Status: Eventlog Analyzer
Vendor: CVE Published:; 28 March 2008

Summary

A cross-site scripting vulnerability exists in the searchAction.do component of ManageEngine EventLog Analyzer 5. This flaw allows remote attackers to inject arbitrary web scripts or HTML code via the searchText parameter. Successful exploitation can lead to unauthorized actions being performed on behalf of a user, data theft, and other security issues. The vulnerability was addressed in EventLog Analyzer version 10.0 Build 10000.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41408

vdb-entryx_refsource_XF

http://secunia.com/advisories/29524

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 28, 2008
Vulnerability Reserved
Mar 28, 2008