Self XSS on LDAP authentication

Rushmi Bhuju
February 04, 2025 08:41

Advisory ID: LVD-2022-0001

CVSSv 3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CVSSv 3.1 Base Score: 4.8

Severity: Medium

CVE: CVE-2024-29865

CWE: CWE-79

Date Published: 2024-03-22

Description:

A self cross-site scripting (self-XSS) issue was seen on the LDAP authentication page because the username field on the LDAP login form was not sanitized.

Affected Product:

Logpoint v7.0.1 and earlier

Solution:

Upgrade to Logpoint v7.1.0

Acknowledgments:

Marcus Nilsson and Christian Rellmann from USD.
