Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-54812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HT...

5.4CVSS6.2AI score0.01084EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/24 7:26 p.m.5 views

CVE-2025-54812

A flaw was found in log4cxx. When using HTMLLayout, logger names are not properly escaped. This vulnerability allows an attacker to provide untrusted data as a logger name to inject arbitrary HTML content into log output files. This issue can lead to cross-site scripting vulnerabilities if the HT...

5.4CVSS5.6AI score0.01084EPSS
Exploits0References6
Snyk
Snyk
added 2025/08/22 7:43 p.m.3 views

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTMLLayout class. An attacker can execute arbitrary HTML or JavaScript code by injecting malicious content into the logger name, which is then written to the HTML log file and subsequently...

5.4CVSS7.3AI score0.01084EPSS
Exploits0References2
OSV
OSV
added 2025/08/22 7:15 p.m.1 views

DEBIAN-CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

5.4CVSS5.2AI score0.01084EPSS
Exploits0References1
OSV
OSV
added 2025/08/22 7:15 p.m.4 views

UBUNTU-CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

5.4CVSS5.8AI score0.01084EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/08/22 12:0 a.m.4 views

Apache Log4cxx 安全漏洞

Apache Log4cxx is the United States Apache Apache Foundation of a C + + logging framework patterned on Apache log4j . A cross-site scripting vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from HTMLLayout not properly escaping logger names, and can be exploited by an...

5.4CVSS6.2AI score0.01084EPSS
Exploits0References5
Rows per page
Query Builder