Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
https://www.manageengine.com/products/eventlog/release-notes.html
https://pitstop.manageengine.com/portal/community/topic/security-notice