A cross-site scripting vulnerability in the viewid parameter of the userchange.php page was brought to our attention by Thomas Pollet. We thank then for giving us the chance to fix this issue before releasing information into the public. More details about the vulnerabilities can be found in this security advisory.
Continue reading “Loganalyzer Cross Site Scripting Vulnerability in userchange.php”
Month: January 2013
LogAnalyzer v3.6.2 (v3-stable) released
We have just released LogAnalyzer 3.6.2. This stable release has the following changes:
- Fixed another DiskAllowed Checked in Disk logstream class, no works as expected.
- Fixed Cross Site Scripting Continue reading “LogAnalyzer v3.6.2 (v3-stable) released”
LogAnalyzer 3.6.2 (v3-stable)
Download file name: LogAnalyzer 3.6.2 (v3-stable)
Version 3.6.2 (stable), 2013-01-09
- Fixed another DiskAllowed Checked in Disk logstream class, no works as expected.
- Fixed Cross Site Scripting Issue in userchange.php (viewid parameter)
Version: 3.6.2
File size: 1043284 bytes