CVE-2017-11685: XSS
First published: Thu Jul 27 2017(Updated: )
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Eventlog Analyzer | =11.4 | |
| Zohocorp Manageengine Eventlog Analyzer | =11.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-11685?
CVE-2017-11685 is classified as a high severity vulnerability due to the potential for remote code execution via cross-site scripting.
How do I fix CVE-2017-11685?
To remediate CVE-2017-11685, upgrade Zoho ManageEngine Event Log Analyzer to the latest version that addresses these vulnerabilities.
What type of attacks can be launched using CVE-2017-11685?
Attackers can exploit CVE-2017-11685 to launch reflective cross-site scripting attacks, potentially compromising user sessions.
Which versions of Zoho ManageEngine Event Log Analyzer are affected by CVE-2017-11685?
CVE-2017-11685 affects Zoho ManageEngine Event Log Analyzer versions 11.4 and 11.5.
Is it possible to prevent exploitation of CVE-2017-11685?
Preventing exploitation of CVE-2017-11685 includes input validation and escaping output to mitigate cross-site scripting risks.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- vendor/zohocorp
- canonical/zohocorp manageengine eventlog analyzer
- version/zohocorp manageengine eventlog analyzer/11.4
- version/zohocorp manageengine eventlog analyzer/11.5