Lucene search

6 matches found

ATTACKERKB
added 2026/03/25 9:22 p.m., 2 views

CVE-2025-14684

IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...

CVSS: 4, AI score: 5.8, EPSS: 0.00006
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/02/06 5:46 p.m., 6 views

CVE-2026-24903

CVE-2026-24903 affects OrcaStatLLM Researcher (LLM-based research paper generator). A stored XSS in the Session Page log message allows attacker-supplied inputs to inject and execute JavaScript in victims’ browsers. CVSSv4 base score 5.3 (Medium): Network, Low attack complexity, no privileges, us...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00041
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2026/02/06 5:46 p.m., 2 views

CVE-2026-24903 OrcaStatLLM Researcher Stored Cross-Site Scripting (XSS) via Log Message Injection in Session Page

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

CVSS: 5.3, AI score: 6, EPSS: 0.00041
Exploits: 1, References: 3
Cvelist
added 2026/02/06 5:46 p.m., 24 views

CVE-2026-24903 OrcaStatLLM Researcher Stored Cross-Site Scripting (XSS) via Log Message Injection in Session Page

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

CVSS: 5.3, EPSS: 0.00041
Exploits: 1, References: 1
Redos
added 2025/10/22 12:0 a.m., 1 views

ROS-20251022-02

Jenkins Automation Server vulnerability is related to a log message injection issue. Exploitation: The vulnerability could allow an attacker acting remotely to compromise the target system. A vulnerability in the Jenkins Automation Server is related to a vulnerable plugin not checking permissions f...

CVSS: 5.3, AI score: 7.5, EPSS: 0.00105
Exploits: 0
RedhatCVE
added 2025/05/22 5:12 p.m., 6 views

CVE-2020-8445

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

CVSS: 10, AI score: 7.3, EPSS: 0.00988
Exploits: 1, References: 1