CVE-2017-11685

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 35.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Eventlog Analyzer

Timeline

PublishedJul 27

Latest updateMay 17

Description

Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDzohocorp/manageengine_eventlog_analyzer11.4, 11.5+1

🔴Vulnerability Details

GHSA

GHSA-fhhw-q9mf-wxvh: Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11↗2022-05-17

▶

CVEList

CVE-2017-11685: Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11↗2017-07-27

▶