CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
88.4%
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
Vendor | Product | Version | CPE |
---|---|---|---|
stephen_turner | analog | 3.90_beta1 | cpe:2.3:a:stephen_turner:analog:3.90_beta1:*:*:*:*:*:*:* |
stephen_turner | analog | 3.90_beta2 | cpe:2.3:a:stephen_turner:analog:3.90_beta2:*:*:*:*:*:*:* |
stephen_turner | analog | 4.1 | cpe:2.3:a:stephen_turner:analog:4.1:*:*:*:*:*:*:* |
stephen_turner | analog | 4.01 | cpe:2.3:a:stephen_turner:analog:4.01:*:*:*:*:*:*:* |
stephen_turner | analog | 4.02 | cpe:2.3:a:stephen_turner:analog:4.02:*:*:*:*:*:*:* |
stephen_turner | analog | 4.03 | cpe:2.3:a:stephen_turner:analog:4.03:*:*:*:*:*:*:* |
stephen_turner | analog | 4.04 | cpe:2.3:a:stephen_turner:analog:4.04:*:*:*:*:*:*:* |
stephen_turner | analog | 4.11 | cpe:2.3:a:stephen_turner:analog:4.11:*:*:*:*:*:*:* |
stephen_turner | analog | 4.14 | cpe:2.3:a:stephen_turner:analog:4.14:*:*:*:*:*:*:* |
stephen_turner | analog | 4.15 | cpe:2.3:a:stephen_turner:analog:4.15:*:*:*:*:*:*:* |