Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Self XSS on LDAP authentication

Avatar Rushmi Bhuju
June 06, 2024 10:52
Follow

Advisory ID: LVD-2022-0001

CVSSv 3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CVSSv 3.1 Base Score: 4.8

Severity: Medium

CVE: CVE-2024-29865

CWE: CWE-79

Date Published: 2024-03-22

Description:

Self Cross-site scripting (Self-XSS) was seen on the LDAP authentication page because the username field on the LDAP login form was not sanitized.

Affected Product:

Logpoint v7.0.1 and earlier

Solution:

Upgrade to Logpoint v7.1.0

Acknowledgments:

Marcus Nilsson and Christian Rellmann from USD.

Comments

Article is closed for comments.

Related articles

  • Privilege Escalation Through Cronjob
  • Username Enumeration on Shared Widgets
  • Arbitrary file deletion through URL Injection to SAML SSO-URL Response
  • Stored XSS Vulnerability in Alerts via Log Injection
  • [Support Announcement] Jan 23, 2023 - Bi-weekly Service Desk (Support Portal) Upgrade
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.