Logo
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

XSS in "Interesting Fields" in Logpoint Web UI

Avatar Rushmi Bhuju
February 04, 2025 08:41
Follow

Advisory ID: LVD-2024-0004

CVSSv 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSSv 3.1 Base Score: 5.4

Severity: Medium

CVE: CVE-2024-33859

CWE: CWE-79

Date Published: 2024-04-30

Description:

HTML code sent through logs wasn't being escaped in the Interesting Field in the UI, leading to XSS attack. 

Affected Product:

Logpoint versions before 7.4.0 

Solution:

Upgrade to Logpoint v7.4.0

Acknowledgments:

Jan Henrik Reimers

Hamburger Energiewerke

 

 

Comments

Article is closed for comments.

Related articles

  • Path Injection  on Enrichment Sources leading to arbitrary file write in /tmp folder
  • Local File Inclusion in File System Collector
  • Authentication and CSRF bypass leading to unauthorized access
  • Arbitrary file deletion through URL Injection to SAML SSO-URL Response
  • SIEM Management Integration
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.