Cross-Site Scripting Vulnerabilities in ManageEngine EventLog Analyzer by Zoho
CVE-2010-4841

Currently unrated

Key Information:

Vendor
Manageengine
Status
Eventlog Analyzer
Vendor
CVE Published:
27 September 2011

Summary

Multiple vulnerabilities in ManageEngine EventLog Analyzer 6.1 enable remote attackers to execute arbitrary web scripts or HTML, potentially compromising sensitive information. The exploitation targets various parameters, including HOST_ID, OS, GROUP, and others, through manipulated requests to different endpoints such as INDEX.do and globalSettings.do. These vulnerabilities were addressed in Build 9000.

References

http://www.solutionary.com/index/SERT/Vuln-Disclosures/Ma...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.