Cross-Site Scripting Vulnerabilities in ManageEngine EventLog Analyzer by Zoho
CVE-2014-4930

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Eventlog Analyzer
Vendor
CVE Published:
29 August 2014

What is CVE-2014-4930?

Multiple cross-site scripting (XSS) vulnerabilities exist in the event/index2.do component of ManageEngine EventLog Analyzer versions prior to 9.0 build 9002. These vulnerabilities can be exploited by remote attackers to inject arbitrary web scripts or HTML code through various parameters, including but not limited to width, height, url, and eventCriteria. Users are advised to upgrade to the fixed version, Build 11072, to mitigate these security flaws.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/69420
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2014/Aug/74
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/128012/ManageEngine-...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.