CVE-2010-4841

Currently unrated

Key Information:

Vendor: Manageengine
Status: Eventlog Analyzer
Vendor: CVE Published:; 27 September 2011

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. Fixed in Build 9000.

References

http://www.solutionary.com/index/SERT/Vuln-Disclosures/Ma...

x_refsource_MISC

Timeline

Vulnerability published
Sep 27, 2011
Vulnerability Reserved
Sep 23, 2011

Collectors

NVD DatabaseMitre Database