Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. Fixed in Build 9000.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-09-27T19:00:00

Updated: 2024-08-07T04:02:30.440Z

Reserved: 2011-09-23T00:00:00

Link: CVE-2010-4841

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-09-27T19:55:03.060

Modified: 2024-11-21T01:21:53.650

Link: CVE-2010-4841

cve-icon Redhat

No data.