Vulnerabilities > Zohocorp > Manageengine Eventlog Analyzer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-13 | CVE-2014-6039 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Eventlog Analyzer 7.0/9.0/9.9 ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. | 5.0 |
| 2018-07-02 | CVE-2018-10076 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12 An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. | 4.3 |
| 2018-07-02 | CVE-2018-10075 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12 Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | 4.3 |
| 2018-03-15 | CVE-2018-8721 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.0 Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen | 4.3 |
| 2018-03-13 | CVE-2018-7405 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2017-07-27 | CVE-2017-11687 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. | 4.3 |
| 2017-07-27 | CVE-2017-11686 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. | 4.3 |
| 2017-07-27 | CVE-2017-11685 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. | 4.3 |
| 2014-09-11 | CVE-2014-6043 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Eventlog Analyzer 8.2/9.0 ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. | 6.5 |
| 2014-08-29 | CVE-2014-4930 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 7.0/9.0 Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. | 4.3 |