Advisory ID: LVD-2023-0001
CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSSv 3.1 Base Score: 5.4
Severity: Medium
CVE: CVE-2023-49950
Date Published: 2023-10-12
Description
Crafted XSS payloads could be sent through logs. When an alert configured on such logs was rendered through a custom Jinja template, the payload caused XSS injection.
A successful exploit could allow attackers to steal sensitive information.
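The following added example is not Logpoint code and is not taken from the advisory. It shows a check a template author can run over a custom Jinja alert template to find log fields that reach the output without HTML escaping. The templates, field names, sample event and the use of Jinja2's `autoescape` setting are assumptions made for illustration.

```python
from jinja2 import Environment

# Constructed log event; "msg" stands in for attacker-influenced log content.
SAMPLE_EVENT = {"user": "alice", "msg": "login failed <script>alert(1)</script>"}
FIELDS = list(SAMPLE_EVENT)

# Hypothetical custom alert templates (assumed for this example).
T_PLAIN = "<p>{{ event.user }}</p><pre>{{ event.msg }}</pre>"
T_SAFE = "<p>{{ event.user }}</p><pre>{{ event.msg|safe }}</pre>"

# Jinja2 does not escape by default; escaping has to be switched on.
RAW_ENV = Environment(autoescape=False)
ESCAPING_ENV = Environment(autoescape=True)

# Harmless marker that only survives rendering if it was not HTML-escaped.
CANARY = "<x-canary-7f3a>"


def render_alert(env, source, event):
    """Render an alert template string against one log event."""
    return env.from_string(source).render(event=event)


def unescaped_fields(env, source, fields):
    """Return the fields whose value reaches the output as raw markup."""
    leaked = []
    for name in fields:
        event = {f: "ok" for f in fields}
        event[name] = CANARY
        if CANARY in render_alert(env, source, event):
            leaked.append(name)
    return leaked


if __name__ == "__main__":
    for label, env, src in [
        ("autoescape off", RAW_ENV, T_PLAIN),
        ("autoescape on", ESCAPING_ENV, T_PLAIN),
        ("autoescape on, |safe on msg", ESCAPING_ENV, T_SAFE),
    ]:
        print(label, "->", unescaped_fields(env, src, FIELDS))
    print(render_alert(ESCAPING_ENV, T_PLAIN, SAMPLE_EVENT))
```

A template that marks a log field `|safe` is reported even when escaping is enabled, so the check is worth running on every custom template that displays log content.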
Affected Product
Logpoint v6.10.0 to v7.2.4
Solution
Upgrade to Logpoint v7.3.0 or later
Acknowledgments
Ash Scott, Security Researcher, Shrike InfoSec