Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Stored XSS Vulnerability in Alerts via Log Injection

Avatar Rushmi Bhuju
June 06, 2024 10:52
Follow

Advisory ID: LVD-2023-0001

CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSSv 3.1 Base Score: 5.4

Severity: Medium

CVE: CVE-2023-49950

CWE: CWE-79, CWE-20

Date Published: 2023-10-12

Description

Crafted XSS payloads could be sent through logs. Alerts configured with such logs when rendered through a custom Jinja template caused XSS injection. 

A successful exploit could allow attackers to steal sensitive information.

Affected Product

Logpoint v6.10.0 to v7.2.4

Solution

Upgrade to Logpoint v7.3.0 or later

Acknowledgments

Ash Scott, Security Researcher, Shrike InfoSec

Comments

Article is closed for comments.

Related articles

  • Self XSS on LDAP authentication
  • Arbitrary file deletion through URL Injection to SAML SSO-URL Response
  • Server Side Request Forgery (SSRF) on Threat Intelligence
  • Template injection in Search Template
  • Logpoint Agent Collector
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.