Stored XSS Vulnerability in Zoho ManageEngine EventLog Analyzer
CVE-2018-8721

6.1MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Eventlog Analyzer
Vendor: CVE Published:; 15 March 2018

What is CVE-2018-8721?

The vulnerability in Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 arises from a stored XSS issue related to the 'index2.do?url=editAlertForm&tab=alert&alert=profile' URI. This weakness allows attackers to inject malicious scripts into the application, which can then be executed in the context of a user's session, compromising user data and security.

References

http://www.securityfocus.com/bid/103424

vdb-entryx_refsource_BID

https://pitstop.manageengine.com/portal/community/topic/m...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 15, 2018
Vulnerability Reserved
Mar 14, 2018

JSON

Zohocorp

What is CVE-2018-8721?

References

CVSS V3.1

Timeline