Vulnerabilities > Zohocorp > Manageengine Eventlog Analyzer

DATE CVE VULNERABILITY TITLE RISK
2018-03-13 CVE-2018-7405 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer
Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
zohocorp CWE-79
6.1
6.1
2017-07-27 CVE-2017-11687 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
network
low complexity
zohocorp CWE-79
6.1
6.1
2017-07-27 CVE-2017-11686 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
network
low complexity
zohocorp CWE-79
6.1
6.1
2017-07-27 CVE-2017-11685 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
network
low complexity
zohocorp CWE-79
6.1
6.1