Cross-Site Scripting Vulnerabilities in ManageEngine EventLog Analyzer by Zoho
CVE-2014-4930

Currently unrated

Key Information:

Vendor: Zohocorp
Status: Manageengine Eventlog Analyzer
Vendor: CVE Published:; 29 August 2014

What is CVE-2014-4930?

Multiple cross-site scripting (XSS) vulnerabilities exist in the event/index2.do component of ManageEngine EventLog Analyzer versions prior to 9.0 build 9002. These vulnerabilities can be exploited by remote attackers to inject arbitrary web scripts or HTML code through various parameters, including but not limited to width, height, url, and eventCriteria. Users are advised to upgrade to the fixed version, Build 11072, to mitigate these security flaws.

References

http://www.securityfocus.com/bid/69420

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2014/Aug/74

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/128012/ManageEngine-...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2014
Vulnerability Reserved
Jul 11, 2014

Zohocorp

What is CVE-2014-4930?

References

Timeline