Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4841 | 1 Manageengine | 1 Eventlog Analyzer | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. Fixed in Build 9000. | |||||
CVE-2010-4840 | 1 Manageengine | 1 Eventlog Analyzer | 2024-11-21 | 7.5 HIGH | N/A |
Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port (1) 513 or (2) 514. Fixed in 7.2 Build 7020. | |||||
CVE-2008-1538 | 1 Manageengine | 1 Eventlog Analyzer | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Fixed in EventLog Analyzer 10.0 Build 10000. |