CVE-2018-8721

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

1.5%

top 19.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Eventlog Analyzer

Timeline

PublishedMar 15

Latest updateMay 14

Description

Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDzohocorp/manageengine_eventlog_analyzer11.0

🔴Vulnerability Details

GHSA

GHSA-qm56-55hf-4v9p: Zoho ManageEngine EventLog Analyzer version 11↗2022-05-14

▶

CVEList

CVE-2018-8721: Zoho ManageEngine EventLog Analyzer version 11↗2018-03-15

▶