Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. Fixed in Build 9000.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2011-09-27T19:00:00
Updated: 2020-03-26T13:12:22
Reserved: 2011-09-23T00:00:00
Link: CVE-2010-4841
JSON object: View
NVD Information
Status : Modified
Published: 2011-09-27T19:55:03.060
Modified: 2020-03-26T14:15:11.653
Link: CVE-2010-4841
JSON object: View
Redhat Information
No data.
CWE