Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Zohocorp Subscribe
Filtered by product Manageengine Eventlog Analyzer

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10076 1 Zohocorp 1 Manageengine Eventlog Analyzer 2018-08-30 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard).
CVE-2018-10075 1 Zohocorp 1 Manageengine Eventlog Analyzer 2018-08-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.
CVE-2018-7405 1 Zohocorp 1 Manageengine Eventlog Analyzer 2018-04-09 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-8721 1 Zohocorp 1 Manageengine Eventlog Analyzer 2018-04-06 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen
CVE-2017-11687 1 Zohocorp 1 Manageengine Eventlog Analyzer 2017-08-02 4.3 MEDIUM 6.1 MEDIUM
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
CVE-2017-11686 1 Zohocorp 1 Manageengine Eventlog Analyzer 2017-08-02 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
CVE-2017-11685 1 Zohocorp 1 Manageengine Eventlog Analyzer 2017-08-02 4.3 MEDIUM 6.1 MEDIUM
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.