CVE-2014-5103

Name of the Vulnerable Software and Affected Versions ZOHO ManageEngine EventLog Analyzer versions prior to 10 Build 10000

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the j username parameter to "event/j security check".

Recommendations For versions prior to 10 Build 10000, update to Version 10 Build 10000 to resolve the issue. As a temporary workaround, consider restricting access to the "event/j security check" endpoint to minimize the risk of exploitation. Avoid using the j username parameter in the affected endpoint until the issue is resolved.