Описание
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.4:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.5:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00474
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
EPSS
Процентиль: 64%
0.00474
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79