Wednesday, January 29, 2014

ManageEngine EventLog Analyzer event/j_security_check j_username Parameter Reflected XSS

ManageEngine EventLog Analyzer event/j_security_check j_username Parameter Reflected XSS
================================================================================================================================================================

ManageEngine EventLog Analyzer 8.6 cross-site scripting (XSS) Vulnerability
================================================================================================================================================================


#Date- 12/12/2013

# code by Asheesh kumar Mani Tripathi

http://www.osvdb.org/show/osvdb/102270
http://www.osvdb.org/show/osvdb/102270



# Credit by Asheesh Anaconda



#Vulnerbility
ManageEngine EventLog Analyzer 8.6 is prone to an cross-site scripting (XSS) Vulnerability because the application fails to properly
sanitize user-supplied input

#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)