Advisory ID: LVD-2024-018
CVSSv 3.1 Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSSv 3.1 Base Score: 8.5
Severity: High
CVE: Pending
CWE: CWE-79
Date Published: 2025-07-08
Description:
When creating reports, attackers could create custom Jinja Templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to cross-site scripting (XSS) attacks.
Affected Product:
Logpoint v7.5.0 and earlier.
Solution:
Upgrade to Logpoint v7.6.0 or later.
Comments
Article is closed for comments.