Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities found for loganalyzer by adiscon

    CVE-2023-36306 (GCVE-0-2023-36306)

    Vulnerability from nvd – Published: 2023-08-08 00:00 – Updated: 2024-10-10 18:29
    VLAI
    Summary
    A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:56.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/51643"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T18:29:18.892487Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T18:29:39.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-08T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.exploit-db.com/exploits/51643"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36306",
        "datePublished": "2023-08-08T00:00:00.000Z",
        "dateReserved": "2023-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-10T18:29:39.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34600 (GCVE-0-2023-34600)

    Vulnerability from nvd – Published: 2023-06-20 00:00 – Updated: 2024-12-09 19:03
    VLAI
    Summary
    Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:17:02.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://loganalyzer.adiscon.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/costacoco/Adiscon/blob/main/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T19:02:11.293060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T19:03:00.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://loganalyzer.adiscon.com/"
            },
            {
              "url": "https://github.com/costacoco/Adiscon/blob/main/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-34600",
        "datePublished": "2023-06-20T00:00:00.000Z",
        "dateReserved": "2023-06-07T00:00:00.000Z",
        "dateUpdated": "2024-12-09T19:03:00.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31738 (GCVE-0-2021-31738)

    Vulnerability from nvd – Published: 2021-06-08 10:50 – Updated: 2024-08-03 23:03
    VLAI
    Summary
    Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:03:33.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-024.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T10:50:47.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-024.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-024.txt",
                  "refsource": "MISC",
                  "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-024.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31738",
        "datePublished": "2021-06-08T10:50:47.000Z",
        "dateReserved": "2021-04-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:03:33.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19877 (GCVE-0-2018-19877)

    Vulnerability from nvd – Published: 2018-12-05 21:00 – Updated: 2024-08-05 11:44
    VLAI
    Summary
    login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:44:20.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/"
              },
              {
                "name": "45958",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45958/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-09T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/"
            },
            {
              "name": "45958",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45958/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-19877",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/",
                  "refsource": "MISC",
                  "url": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/"
                },
                {
                  "name": "45958",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45958/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-19877",
        "datePublished": "2018-12-05T21:00:00.000Z",
        "dateReserved": "2018-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:44:20.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6070 (GCVE-0-2014-6070)

    Vulnerability from nvd – Published: 2014-09-11 14:00 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-09-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34525",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/34525"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128121/LogAnalyzer-3.6.5-Cross-Site-Scripting.html"
              },
              {
                "name": "20140902 Syslog LogAnalyzer persistent XSS injection CVE-2014-6070",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Sep/17"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-6-v3-stable"
              },
              {
                "name": "loganalyzer-cve20146070-xss(95677)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34525",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/34525"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128121/LogAnalyzer-3.6.5-Cross-Site-Scripting.html"
            },
            {
              "name": "20140902 Syslog LogAnalyzer persistent XSS injection CVE-2014-6070",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Sep/17"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-6-v3-stable"
            },
            {
              "name": "loganalyzer-cve20146070-xss(95677)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34525",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/34525"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128121/LogAnalyzer-3.6.5-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128121/LogAnalyzer-3.6.5-Cross-Site-Scripting.html"
                },
                {
                  "name": "20140902 Syslog LogAnalyzer persistent XSS injection CVE-2014-6070",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Sep/17"
                },
                {
                  "name": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-6-v3-stable",
                  "refsource": "CONFIRM",
                  "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-6-v3-stable"
                },
                {
                  "name": "loganalyzer-cve20146070-xss(95677)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6070",
        "datePublished": "2014-09-11T14:00:00.000Z",
        "dateReserved": "2014-09-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3790 (GCVE-0-2012-3790)

    Vulnerability from nvd – Published: 2012-06-20 15:00 – Updated: 2024-09-16 19:51
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:21:03.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secpod.org/blog/?p=504"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-06-20T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secpod.org/blog/?p=504"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-3790",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt",
                  "refsource": "MISC",
                  "url": "http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt"
                },
                {
                  "name": "http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter",
                  "refsource": "CONFIRM",
                  "url": "http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter"
                },
                {
                  "name": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable",
                  "refsource": "CONFIRM",
                  "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable"
                },
                {
                  "name": "http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta",
                  "refsource": "CONFIRM",
                  "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta"
                },
                {
                  "name": "http://secpod.org/blog/?p=504",
                  "refsource": "MISC",
                  "url": "http://secpod.org/blog/?p=504"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-3790",
        "datePublished": "2012-06-20T15:00:00.000Z",
        "dateReserved": "2012-06-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:46.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36306 (GCVE-0-2023-36306)

    Vulnerability from cvelistv5 – Published: 2023-08-08 00:00 – Updated: 2024-10-10 18:29
    VLAI
    Summary
    A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:56.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/51643"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T18:29:18.892487Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T18:29:39.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-08T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.exploit-db.com/exploits/51643"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36306",
        "datePublished": "2023-08-08T00:00:00.000Z",
        "dateReserved": "2023-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-10T18:29:39.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34600 (GCVE-0-2023-34600)

    Vulnerability from cvelistv5 – Published: 2023-06-20 00:00 – Updated: 2024-12-09 19:03
    VLAI
    Summary
    Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:17:02.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://loganalyzer.adiscon.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/costacoco/Adiscon/blob/main/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T19:02:11.293060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T19:03:00.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://loganalyzer.adiscon.com/"
            },
            {
              "url": "https://github.com/costacoco/Adiscon/blob/main/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-34600",
        "datePublished": "2023-06-20T00:00:00.000Z",
        "dateReserved": "2023-06-07T00:00:00.000Z",
        "dateUpdated": "2024-12-09T19:03:00.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31738 (GCVE-0-2021-31738)

    Vulnerability from cvelistv5 – Published: 2021-06-08 10:50 – Updated: 2024-08-03 23:03
    VLAI
    Summary
    Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:03:33.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-024.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T10:50:47.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-024.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-024.txt",
                  "refsource": "MISC",
                  "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-024.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31738",
        "datePublished": "2021-06-08T10:50:47.000Z",
        "dateReserved": "2021-04-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:03:33.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19877 (GCVE-0-2018-19877)

    Vulnerability from cvelistv5 – Published: 2018-12-05 21:00 – Updated: 2024-08-05 11:44
    VLAI
    Summary
    login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:44:20.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/"
              },
              {
                "name": "45958",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45958/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-09T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/"
            },
            {
              "name": "45958",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45958/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-19877",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/",
                  "refsource": "MISC",
                  "url": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/"
                },
                {
                  "name": "45958",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45958/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-19877",
        "datePublished": "2018-12-05T21:00:00.000Z",
        "dateReserved": "2018-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:44:20.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6070 (GCVE-0-2014-6070)

    Vulnerability from cvelistv5 – Published: 2014-09-11 14:00 – Updated: 2024-08-06 12:03
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-09-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:03:02.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34525",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/34525"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128121/LogAnalyzer-3.6.5-Cross-Site-Scripting.html"
              },
              {
                "name": "20140902 Syslog LogAnalyzer persistent XSS injection CVE-2014-6070",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Sep/17"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-6-v3-stable"
              },
              {
                "name": "loganalyzer-cve20146070-xss(95677)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34525",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/34525"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128121/LogAnalyzer-3.6.5-Cross-Site-Scripting.html"
            },
            {
              "name": "20140902 Syslog LogAnalyzer persistent XSS injection CVE-2014-6070",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Sep/17"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-6-v3-stable"
            },
            {
              "name": "loganalyzer-cve20146070-xss(95677)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34525",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/34525"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128121/LogAnalyzer-3.6.5-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128121/LogAnalyzer-3.6.5-Cross-Site-Scripting.html"
                },
                {
                  "name": "20140902 Syslog LogAnalyzer persistent XSS injection CVE-2014-6070",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Sep/17"
                },
                {
                  "name": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-6-v3-stable",
                  "refsource": "CONFIRM",
                  "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-6-v3-stable"
                },
                {
                  "name": "loganalyzer-cve20146070-xss(95677)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6070",
        "datePublished": "2014-09-11T14:00:00.000Z",
        "dateReserved": "2014-09-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:03:02.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3790 (GCVE-0-2012-3790)

    Vulnerability from cvelistv5 – Published: 2012-06-20 15:00 – Updated: 2024-09-16 19:51
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:21:03.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secpod.org/blog/?p=504"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-06-20T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secpod.org/blog/?p=504"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-3790",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt",
                  "refsource": "MISC",
                  "url": "http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt"
                },
                {
                  "name": "http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter",
                  "refsource": "CONFIRM",
                  "url": "http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter"
                },
                {
                  "name": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable",
                  "refsource": "CONFIRM",
                  "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable"
                },
                {
                  "name": "http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta",
                  "refsource": "CONFIRM",
                  "url": "http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta"
                },
                {
                  "name": "http://secpod.org/blog/?p=504",
                  "refsource": "MISC",
                  "url": "http://secpod.org/blog/?p=504"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-3790",
        "datePublished": "2012-06-20T15:00:00.000Z",
        "dateReserved": "2012-06-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:46.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }