ManageEngine EventLog Analyzer XSS Vulnerability

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(108592);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/08");

  script_cve_id("CVE-2018-8721");
  script_bugtraq_id(103424);
  script_xref(name:"IAVB", value:"2018-B-0045-S");

  script_name(english:"ManageEngine EventLog Analyzer XSS Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts an application that is affected by
a cross-site scripting vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of ManageEngine EventLog Analyzer installed on the
remote host is prior or equal to 11.0 Build 11000. It is, therefore,
affected by a cross-site scripting (XSS) vulnerability. An
attacker can exploit this flaw to inject arbitrary HTML or script
code into a user's browser to be executed within the security
context of the affected site.

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.");
  # https://pitstop.manageengine.com/portal/en/community/topic/manageengine-eventlog-analyzer-11-0-build-11000-stored-cross-site-scripting-attack
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7e4d3ea5");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor for patch or upgrade solutions. At this time
the link to the patch in the bug report appears to be invalid.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8721");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/24");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zohocorp:manageengine_eventlog_analyzer");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("manageengine_eventlog_analyzer_detect.nbin");
  script_require_keys("installed_sw/ManageEngine EventLog Analyzer");
  script_require_ports("Services/www", 8400);

  exit(0);
}

include('http.inc');
include('vcf.inc');
include('vcf_extras_zoho.inc');

var app = 'ManageEngine EventLog Analyzer';
var port = get_http_port(default:8400);

var app_info = vcf::zoho::fix_parse::get_app_info(app:app, port:port, webapp:TRUE);

var constraints = [
  {'equal' : '11000', 'fixed_display': 'See vendor advisory'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING,
  flags:{'xss':TRUE}
);