CVE-2010-4841

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. Fixed in Build 9000.
Configurations

Configuration 1 (hide)

cpe:2.3:a:manageengine:eventlog_analyzer:6.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:21

Type Values Removed Values Added
References () http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html - () http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html -

Information

Published : 2011-09-27 19:55

Updated : 2024-11-21 01:21


NVD link : CVE-2010-4841

Mitre link : CVE-2010-4841

CVE.ORG link : CVE-2010-4841


JSON object : View

Products Affected

manageengine

  • eventlog_analyzer
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')