XSS in Zohocorp Manageengine_eventlog_analyzer

CVE-2014-5103

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 1…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (63.9th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_eventlog_analyzer — versions 9.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

20140722 Cross-site Scripting in EventLog Analyzer 9.0 build #9000 (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)
68854 (vdb-entry, x_refsource_BID)