PT-2008-3097 · Manageengine · Eventlog Analyzer

Published: 2008-03-28 · Updated: 2020-03-26 · CVE-2008-1538

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

ManageEngine EventLog Analyzer versions prior to 10.0 Build 10000

Description

A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the searchText parameter in the "searchAction.do" endpoint.

Recommendations

For versions prior to 10.0 Build 10000, update to EventLog Analyzer 10.0 Build 10000 to resolve the issue. As a temporary workaround, consider restricting access to the "searchAction.do" endpoint or avoiding the use of the searchText parameter until the update is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2008-1538

Affected Products

Eventlog Analyzer