Loganalyzer Cross Site Scripting Vulnerability in Highlight Parameter

A cross-site scripting vulnerability in the highlight parameter of the index.php page was brought to our attention by Sooraj K.S SecPod Technologies. We thank them for giving us the chance to fix these issues before releasing information to the public. More details about the vulnerabilities can be found in this security advisory.

Affected Versions:

Stable branch up to v3.4.3 (inclusive)
Beta branch up to v3.5.4 (inclusive)

Fix:

Update to 3.4.4 or 3.5.5 or higher (if available).

Cross Site Scripting

Short Description:

A cross-site scripting vulnerability existed in the index.php page. An attacker could use it to execute arbitrary HTML and script code through the highlight parameter.

Potential Impact:

An attacker could use prepared links to include and run scripts within the context of LogAnalyzer in the user's browser.
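One way to check web-server access logs for prepared links of the kind described above. This is an added example, not LogAnalyzer code; the /loganalyzer/ path, the Apache combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic: characters needed to leave an HTML text or attribute context.
# They are rare in a genuine highlight term, so every hit deserves triage.
MARKUP = re.compile(r"[<>\"']")

def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding such as %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_highlight(log_line):
    """Return the decoded highlight value when it carries markup, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    # A bare directory request is normally served by index.php as well.
    if not url.path.lower().endswith(("index.php", "/")):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("highlight", []):
        value = fully_decode(raw)  # parse_qs already decoded one layer
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = [(n, suspicious_highlight(line)) for n, line in enumerate(lines, 1)]
    return [(n, value) for n, value in hits if value is not None]

# Constructed sample lines (Apache combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2013:10:00:00 +0000] "GET /loganalyzer/index.php?highlight=sshd HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2013:10:00:05 +0000] "GET /loganalyzer/index.php?highlight=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5188 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2013:10:00:09 +0000] "GET /loganalyzer/?uid=1&highlight=%253Cb%253Ex HTTP/1.1" 200 5150 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2013:10:00:12 +0000] "GET /loganalyzer/details.php?highlight=%3Cb%3E HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: highlight={value!r}")
```

Hits on an instance still running an affected version show which users may have followed such a link; hits after updating indicate probing only.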

Credits:

We want to thank Sooraj K.S SecPod Technologies for identifying these issues and working with us in resolving them. More details can be found in their advisory.

3 Responses to “Loganalyzer Cross Site Scripting Vulnerability in Highlight Parameter”

  1. Milford says:

    I do not know if it’s just me or if everyone else is
    encountering problems with your site. It appears as though some of the text on your
    posts is running off the screen. Can somebody else please provide feedback and
    let me know if this is happening to them too? This could be a problem with my internet browser
    because I’ve had this happen previously. Kudos

  2. friedl says:

    We checked, must be your browser.
