Cross-site Scripting Vulnerability in Zoho ManageEngine EventLog Analyzer by Zoho
CVE-2014-5103

Currently unrated

Key Information:

Vendor: Zohocorp
Status: Manageengine Eventlog Analyzer
Vendor: CVE Published:; 25 July 2014

What is CVE-2014-5103?

A cross-site scripting vulnerability exists in Zoho's ManageEngine EventLog Analyzer version 9 build 9000. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the j_username parameter during the j_security_check process. The vulnerability can be exploited by attackers to execute malicious scripts in the context of the user's browser, potentially leading to unauthorized access or data exposure. The issue has been addressed in version 10 build 10000, where appropriate patches have been implemented to mitigate this security risk.

References

http://www.securityfocus.com/archive/1/532856/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/127568/EventLog-Anal...

x_refsource_MISC

http://www.securityfocus.com/bid/68854

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2014
Vulnerability Reserved
Jul 25, 2014

Zohocorp

What is CVE-2014-5103?

References

Timeline