Logo
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Self XSS on LDAP authentication

Avatar Rushmi Bhuju
February 04, 2025 08:41
Follow

Advisory ID: LVD-2022-0001

CVSSv 3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CVSSv 3.1 Base Score: 4.8

Severity: Medium

CVE: CVE-2024-29865

CWE: CWE-79

Date Published: 2024-03-22

Description:

Self Cross-site scripting (Self-XSS) was seen on the LDAP authentication page because the username field on the LDAP login form was not sanitized.

Affected Product:

Logpoint v7.0.1 and earlier

Solution:

Upgrade to Logpoint v7.1.0

Acknowledgments:

Marcus Nilsson and Christian Rellmann from USD.

Comments

Article is closed for comments.

Related articles

  • How to create an Idea?
  • Stored XSS Vulnerability in Alerts via Log Injection
  • Privilege Escalation Through Cronjob
  • Username Enumeration on Shared Widgets
  • Server-Side Template Injection (SSTI) in Search Template Dashboard Queries
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.