CVE-2017-11687: XSS
First published: Thu Jul 27 2017(Updated: )
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Eventlog Analyzer | =11.4 | |
| Zohocorp Manageengine Eventlog Analyzer | =11.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-11687?
CVE-2017-11687 is classified as a medium severity vulnerability due to its potential impact on web security.
What are the potential impacts of CVE-2017-11687?
CVE-2017-11687 could allow remote attackers to execute arbitrary web scripts or HTML, leading to persistent cross-site scripting vulnerabilities.
How do I fix CVE-2017-11687?
To fix CVE-2017-11687, upgrade your Zoho ManageEngine Event Log Analyzer to the latest version that addresses this vulnerability.
Which versions of ManageEngine are affected by CVE-2017-11687?
CVE-2017-11687 affects Zoho ManageEngine Event Log Analyzer versions 11.4 and 11.5.
Is CVE-2017-11687 a persistent or non-persistent XSS vulnerability?
CVE-2017-11687 is classified as a persistent cross-site scripting (XSS) vulnerability.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/zohocorp
- canonical/zohocorp manageengine eventlog analyzer
- version/zohocorp manageengine eventlog analyzer/11.4
- version/zohocorp manageengine eventlog analyzer/11.5