Adiscon LogAnalyzer ‘highlight’ Parameter Cross Site Scripting Vulnerability

A SecPod Research Team member (Sooraj K.S) has found Cross-Site Scripting Vulnerabilities in Adiscon LogAnalyzer. The vulnerability is caused by improper validation of the “highlight” parameter in “index.php”. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.

CVE Info : CVE-2012-3790
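
The advisory does not show the affected code, so the following is an added example and not LogAnalyzer's source: a hypothetical PHP page that reflects a `highlight` query parameter, first without output encoding and then with it, plus a highlighter that encodes every piece of a log message before wrapping matches. All function names and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical code, not taken from Adiscon LogAnalyzer.

// Unsafe pattern: the request value is written into the page as-is, so any
// markup carried in ?highlight=... becomes part of the HTML document.
function render_highlight_field_unsafe(array $query): string
{
    $term = $query['highlight'] ?? '';
    return '<input type="text" name="highlight" value="' . $term . '">';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// styles, so the value cannot close the attribute it is placed in.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_highlight_field_safe(array $query): string
{
    $term = $query['highlight'] ?? '';
    if (!is_string($term)) {          // ?highlight[]=x arrives as an array
        $term = '';
    }
    return '<input type="text" name="highlight" value="' . html($term) . '">';
}

// Highlight a term inside a log message: split the raw message on the raw
// term, then encode every piece and wrap only the matched pieces.
function highlight_message(string $message, string $term): string
{
    if ($term === '') {
        return html($message);
    }
    $pattern = '/(' . preg_quote($term, '/') . ')/i';
    $parts = preg_split($pattern, $message, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {           // regex engine error: fall back to plain encoding
        return html($message);
    }
    $out = '';
    foreach ($parts as $i => $part) {
        // With PREG_SPLIT_DELIM_CAPTURE, odd indexes hold the matched term.
        $out .= ($i % 2 === 1) ? '<mark>' . html($part) . '</mark>' : html($part);
    }
    return $out;
}

// Constructed sample input standing in for ?highlight=... on index.php.
$query = ['highlight' => '"><i>error</i>'];
echo render_highlight_field_unsafe($query), "\n";
echo render_highlight_field_safe($query), "\n";
echo highlight_message('Disk <sda> error: I/O Error', 'error'), "\n";
```

In the safe variant the quote and angle brackets in the sample value are emitted as character references, so the value stays inside the `value` attribute instead of creating new elements.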

We welcome any feedback or suggestions.

Cheers!
SecPod Research Team

1 Comment

[…] We want to thank Sooraj K.S SecPod Technologies for identifying these issues and working with us in resolving them. More details can be found in their advisory […]