Adiscon LogAnalyzer ‘highlight’ Parameter Cross Site Scripting Vulnerability

A SecPod Research Team member (Sooraj K.S) has found Cross-Site Scripting vulnerabilities in Adiscon LogAnalyzer. The vulnerability is caused by improper validation of the “highlight” parameter in “index.php”. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.

CVE Info : CVE-2012-3790
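
An added example, not taken from the advisory or from Adiscon's code: a hypothetical PHP helper showing the general fix for this class of bug, which is to output-encode a request-supplied highlight term, and the log text it is matched against, before either reaches HTML. The function names, the `<mark>` wrapper and the 128-byte length cap are assumptions; the page does not show how LogAnalyzer renders the parameter.

```php
<?php
// Added example: hypothetical helpers, not LogAnalyzer code.

/** Encode untrusted text for an HTML text or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Wrap every occurrence of $term in $message with <mark>, encoding all
 * untrusted text. Splitting the raw message first and encoding each piece
 * afterwards keeps a match from landing inside an entity such as &amp;.
 */
function render_highlighted(string $message, string $term): string
{
    $term = trim($term);
    if ($term === '' || strlen($term) > 128) { // constructed length cap
        return h($message);
    }
    // preg_quote() makes the term a literal, so it cannot alter the regex.
    $pattern = '/(' . preg_quote($term, '/') . ')/iu';
    $parts = preg_split($pattern, $message, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) { // e.g. invalid UTF-8 in the input
        return h($message);
    }
    $out = '';
    foreach ($parts as $i => $part) {
        // With one capture group, odd indexes are the matched delimiters.
        $out .= ($i % 2 === 1) ? '<mark>' . h($part) . '</mark>' : h($part);
    }
    return $out;
}

/** Echo the term back into a search box value attribute. */
function render_search_box(string $term): string
{
    return '<input type="text" name="highlight" value="' . h($term) . '">';
}

// Constructed sample input standing in for $_GET['highlight'] and a log line.
$term = '"><b>x</b>';
$line = 'sshd: failed login "><b>x</b> from 192.0.2.10 & retry';
echo render_search_box($term), "\n";
echo render_highlighted($line, $term), "\n";
```

With the constructed input above, the markup characters in both the term and the log line come out as entities (`&quot;&gt;&lt;b&gt;…`), so the browser displays them as text instead of parsing them.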

We welcome any feedback or suggestions.

Cheers!
SecPod Research Team

1 Comment

[…] We want to thank Sooraj K.S SecPod Technologies for identifying these issues and working with us in resolving them. More details can be found in their advisory […]