CVE-2017-11687

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 35.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Eventlog Analyzer

Timeline

PublishedJul 27

Latest updateMay 17

Description

Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDzohocorp/manageengine_eventlog_analyzer11.4, 11.5+1

🔴Vulnerability Details

GHSA

GHSA-89h3-vmwm-8q3w: Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11↗2022-05-17

▶

CVEList

CVE-2017-11687: Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11↗2017-07-27

▶