5 matches found
CVE-2023-23014
Cross-Site Scripting (XSS) vulnerability in InventorySystem through commit e08fbbe17902146313501ed0b5feba81d58f455c on Apr 23, 2021 via the editstorename and editactive inputs in file InventorySystem.php...
CVE-2025-46827
Graylog has a vulnerability (CVE-2025-46827) where an HTML form in an Event Definition Remediation Step can leak user session cookies if an attacker has create-event-definition rights, the victim can view alerts, and an active input is available to receive form data. Affected versions are before 6.0.14, 6...
CVE-2025-46827 Graylog Allows Session Takeover via Insufficient HTML Sanitization
Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with...
GHSA-76VF-MPMX-777J Graylog Allows Session Takeover via Insufficient HTML Sanitization
Impact: It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...
CVE-2023-23014
Cross-Site Scripting (XSS) vulnerability in InventorySystem through commit e08fbbe17902146313501ed0b5feba81d58f455c on Apr 23, 2021 via the editstorename and editactive inputs in file InventorySystem.php...