Description: | | A cross site request forgery vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to insufficient input validation of parameters sent to event/userManagementForm.do. By convincing a user to follow a malicious link, a remote attacker can exploit this vulnerability to conduct a cross-site request forgery (CSRF) attack on the affected system. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via the web browser with the privileges of the user. |