- Description
- Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:9000:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A49F14B4-A3E9-4F95-997F-DA1EFE54CE84",
"versionEndIncluding": "9.0"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB4DFBC7-E120-4984-8A71-10874D2DABB5"
}
],
"operator": "OR"
}
]
}
]