Total vulnerabilities in the database
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
Software | From | Fixed in |
---|---|---|
zohocorp / manageengine_eventlog_analyzer | 11.4 | 11.4.x |
zohocorp / manageengine_eventlog_analyzer | 11.5 | 11.5.x |