6 matches found
Cross-site Scripting in Graylog Server
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
CVE-2018-11650
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
Cross site scripting
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
CVE-2018-11650
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
CVE-2018-11650
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js...
CVE-2018-11650
CVE-2018-11650 affects Graylog before 2.4.4, where unescaped text in notifications (util/UserNotification.js, toastr) enables a cross-site scripting (XSS) vulnerability. The issue arises in the notification output path and can allow injection of HTML/JS in user-facing notifications. Multiple conn...