Cross-site Scripting (XSS)

Overview aiosyslogd is an Asynchronous Syslog server using asyncio, with an optional uvloop integration and SQLite backend. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dynamic log message highlighter in index.html. An attacker can execute arbitrary...

MiracleLinux 9 : rsyslog-8.2102.0-101.el9.1 (AXSA:2022-3974:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3974:05 advisory. rsyslog: Heap-based overflow in TCP syslog server CVE-2022-24903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

MiracleLinux 7 : rsyslog-8.24.0-57.el7.3 (AXSA:2022-3197:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3197:02 advisory. rsyslog: Heap-based overflow in TCP syslog server CVE-2022-24903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

EUVD-2025-93540

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points. An user having access to the syslog server can read the logs containing these credentials. This issue affects...

CVE-2025-12940

CVE-2025-12940 affects NETGEAR WAX610 and WAX610Y access points. A configuration issue causes login credentials to be recorded in logs when a Syslog Server is configured, allowing an attacker with syslog access to read credentials. Impact: credential disclosure for devices running firmware prior ...

CVE-2025-34315 IPFire < v2.29 Stored XSS via Remote Syslog Server Address

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...

CVE-2025-34315 IPFire < v2.29 Stored XSS via Remote Syslog Server Address

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...

PT-2025-44174

Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the...

VulnCheck KEV: CVE-2017-18369

The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the advremotelog.asp page and can be exploited through the syslogServerAd...

EUVD-2021-21876

Malware in sbrugna...

EUVD-2021-21879

Malware in sbrugna...

EUVD-2021-21878

Malware in sbrugna...

EUVD-2021-21874

Malware in sbrugna...

EUVD-2021-21880

Malware in sbrugna...

EUVD-2023-47212

Malicious code in bioql PyPI...

CVE-2023-42782

A insufficient verification of data authenticity vulnerability CWE-345 in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number...

Support for Tunneling Syslog to On Premise Datacenter when using Adaptive Authentication on Cloud

Configure external syslog server when using Adaptive Authentication on Cloud...

Application firewall Logs are not logged locally in NetScaler

NetScaler appfw logs are being forwarded to the syslog server as expected. However, the logs are not being logged or displayed in the local /var/log/ns.log. Config: add audit syslogPolicy sysadv1 true sys1bind audit syslogGlobal -policyName sysadv1 -priority 100 -globalBindType APPFWGLOBA Before...

SolarWinds Kiwi Syslog Server Installed (Windows)

Binary data solarwindskiwiwininstalled.nbin...

SolarWinds Kiwi Syslog Server NG 安全漏洞

SolarWinds Kiwi Syslog Server NG is an application from SolarWinds USA. A security vulnerability exists in SolarWinds Kiwi Syslog Server NG versions prior to 1.3.1, which stems from the fact that sensitive data may be exposed to unprivileged users in configuration files...