CVE-2014-4930
https://notcve.org/view.php?id=CVE-2014-4930
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072. Múltiples vulnerabilidades de cross-site scripting (XSS) en event / index2.do en ManageEngine EventLog Analyzer anterior a la versión 9.0, compilación 9002, permiten a los atacantes remotos inyectar script web arbitrario o HTML a través del (1) ancho, (2) altura, (3) url (4) helpP, (5) pestaña, (6) módulo, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, o (14) parámetro del producto. Corregido en Build 11072. • http://packetstormsecurity.com/files/128012/ManageEngine-EventLog-Analyzer-7-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Aug/74 http://www.securityfocus.com/bid/69420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-5103
https://notcve.org/view.php?id=CVE-2014-5103
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000. La vulnerabilidad de secuencias Cross-site scripting (XSS) en ZOHO ManageEngine EventLog Analyzer 9 build 9000 permite a los atacantes remotos inyectar secuencias de comandos web arbitrarias o HTML a través del parámetro j_username en event / j_security_check. Corregido en la Versión 10 Build 10000. • http://packetstormsecurity.com/files/127568/EventLog-Analyzer-9.0-Build-9000-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/532856/100/0/threaded http://www.securityfocus.com/bid/68854 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •