GHSA-38HF-XJMX-JRH8 Cross-site Scripting in Graylog Server

In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts...

Cross-site Scripting in Graylog Server

In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts...

Cross-Site Scripting in graylog-web-interface

All versions of graylog-web-interface are vulnerable to Cross-Site Scripting XSS. The package fails to escape output on the TypeAhead and QueryInput components, which may allow attackers to execute arbitrary JavaScript on the victim's browser. Recommendation No fix is currently available. Conside...

GHSA-9QGH-7PGP-HP7R Cross-Site Scripting in graylog-web-interface

All versions of graylog-web-interface are vulnerable to Cross-Site Scripting XSS. The package fails to escape output on the TypeAhead and QueryInput components, which may allow attackers to execute arbitrary JavaScript on the victim's browser. Recommendation No fix is currently available. Conside...

CVE-2018-14380

In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts...

Design/Logic Flaw

In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts...