Cross-Site Scripting Vulnerabilities in ManageEngine EventLog Analyzer by Zoho
CVE-2010-4841

Currently unrated

Key Information:

Vendor

Manageengine
Status
Eventlog Analyzer
Vendor
CVE Published:
27 September 2011

What is CVE-2010-4841?

Multiple vulnerabilities in ManageEngine EventLog Analyzer 6.1 enable remote attackers to execute arbitrary web scripts or HTML, potentially compromising sensitive information. The exploitation targets various parameters, including HOST_ID, OS, GROUP, and others, through manipulated requests to different endpoints such as INDEX.do and globalSettings.do. These vulnerabilities were addressed in Build 9000.

References

http://www.solutionary.com/index/SERT/Vuln-Disclosures/Ma...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.