Information
---------------------------------------------------------------------------------------------------------------------------------
Vulnerability Type : Reflected Cross Site Scripting Vulnerability
Vulnerable Version : 11.0 Build 11000
CVE-ID :
Severity : Low
Author – Omkar Joshi
Description
---------------------------------------------------------------------------------------------------------------------------------
EventLog Analyzer provides the most cost-effective Security Information and Event Management (SIEM) software on the market. Using this Log Analyzer software, organizations can automate the entire process of managing terabytes of machine generated logs by collecting, analyzing, correlating, searching, reporting, and archiving from one central location. This event log analyzer software helps to monitor file integrity, conduct log forensics analysis, monitor privileged users and comply to different compliance regulatory bodies by intelligently analyzing your logs and instantly generating a variety of reports like user activity reports, historical trend reports, and more.
Proof of Concept URL
-----------------------------------------------------------------------------------------------------------------------------------
http://localhost:8400/event/index2.do?url=ConfigureTemplate&tab=system&sel=13&helpP=fim&link=1
Affected Product:
-------------------------------------------------------------------------------------------------------------------------------------
Vulnerable Product:
[+] ManageEngine EventLog Analyzer 11.0 Build 11000
Credits & Authors
-------------------------------------------------------------------------------------------------------------------------------------
Omkar Joshi
Thanks & Regards,
Omkar Joshi
(+91)8087226463