Published: 11/09/2014 Updated: 08/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer prior to 3.6.6 allow remote malicious users to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adiscon loganalyzer 3.6.0
adiscon loganalyzer 3.6.4
adiscon loganalyzer
adiscon loganalyzer 3.6.1
adiscon loganalyzer 3.6.2
adiscon loganalyzer 3.6.3

Debian Bug report logs - #760372 loganalyzer: CVE-2014-6070 Package: src:loganalyzer; Maintainer for src:loganalyzer is Debian Monitoring Maintainers <pkg-monitoring-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 3 Sep 2014 11:06:15 UTC Severity: important Tags ...

Vulnerability title: Syslog LogAnalyzer 365 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 365 Date: 822014 Relevant CVEs: CVE-2014-6070 Vulnerable version: <= 365 Fixed version: 366 1 About the application ------------------------ LogAnalyzer is a web interface to syslog and other ...

LogAnalyzer version 365 suffers from a cross site scripting vulnerability ...

CWE-79 http://loganalyzer.adiscon.com/downloads/loganalyzer-3-6-6-v3-stable http://seclists.org/fulldisclosure/2014/Sep/17 http://packetstormsecurity.com/files/128121/LogAnalyzer-3.6.5-Cross-Site-Scripting.html http://www.exploit-db.com/exploits/34525 https://exchange.xforce.ibmcloud.com/vulnerabilities/95677 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760372 https://nvd.nist.gov https://www.exploit-db.com/exploits/34525/

CVE-2014-6070

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect