Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3790

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3790
Last Modified 21 Jun 2012 12:00:00
Published 20 Jun 2012 11:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3790

Summary

Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action.

Vulnerable Systems

Application

  • Adiscon Loganalyzer 3.2.0

  • Adiscon Loganalyzer 3.2.1

  • Adiscon Loganalyzer 3.2.2

  • Adiscon Loganalyzer 3.2.3

  • Adiscon Loganalyzer 3.3.0

  • Adiscon Loganalyzer 3.4.0

  • Adiscon Loganalyzer 3.4.1

  • Adiscon Loganalyzer 3.4.2

  • Adiscon Loganalyzer 3.4.3

  • Adiscon Loganalyzer 3.5.0

  • Adiscon Loganalyzer 3.5.1

  • Adiscon Loganalyzer 3.5.2

  • Adiscon Loganalyzer 3.5.3

  • Adiscon Loganalyzer 3.5.4


References

MISC - http://secpod.org/blog/?p=504

MISC - http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt

CONFIRM - http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter

CONFIRM - http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta

CONFIRM - http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable


Last Updated: 27 May 2016 10:56:33