github - ghsa-8fpw-hmv9-f7c4

ghsa-8fpw-hmv9-f7c4

Vulnerability from github

Published

2024-05-07 18:30

Modified

2024-05-07 18:30

Details

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33859"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-07T17:15:09Z",
    "severity": null
  },
  "details": "An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn\u0027t being escaped in the \"Interesting Field\" Web UI, leading to XSS.",
  "id": "GHSA-8fpw-hmv9-f7c4",
  "modified": "2024-05-07T18:30:34Z",
  "published": "2024-05-07T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33859"
    },
    {
      "type": "WEB",
      "url": "https://servicedesk.logpoint.com/hc/en-us/articles/18533927651357-XSS-in-Interesting-Fields-in-Logpoint-Web-UI"
    },
    {
      "type": "WEB",
      "url": "https://www.logpoint.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2024-33859

Vulnerability from cvelistv5

Published

2024-05-07 00:00

Modified

2024-08-02 02:42

Severity

Summary

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.

References

URL	Tags
https://www.logpoint.com/
https://servicedesk.logpoint.com/hc/en-us/articles/18533927651357-XSS-in-Interesting-Fields-in-Logpoint-Web-UI

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33859",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T18:14:44.301402Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T18:14:52.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.logpoint.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://servicedesk.logpoint.com/hc/en-us/articles/18533927651357-XSS-in-Interesting-Fields-in-Logpoint-Web-UI"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn\u0027t being escaped in the \"Interesting Field\" Web UI, leading to XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T16:09:27.168343",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.logpoint.com/"
        },
        {
          "url": "https://servicedesk.logpoint.com/hc/en-us/articles/18533927651357-XSS-in-Interesting-Fields-in-Logpoint-Web-UI"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-33859",
    "datePublished": "2024-05-07T00:00:00",
    "dateReserved": "2024-04-27T00:00:00",
    "dateUpdated": "2024-08-02T02:42:59.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.