Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zoho ManageEngine Event Log Analyzer 跨站脚本漏洞
Vulnerability Description
Zoho ManageEngine Event Log Analyzer是美国卓豪(Zoho)公司的一套系统、事件日志分析软件。该软件能够对全网范围内的主机、服务器、网络设备以及各种应用服务系统等产生的日志,进行全面收集和细致分析。 Zoho ManageEngine Event Log Analyzer 11.4版本和11.5版本中存在跨站脚本漏洞,该漏洞源于密码以可逆转的加密方法显示在cookie中。远程攻击者可获取用户的密码。
CVSS Information
N/A
Vulnerability Type
N/A