CVE-2012-3790

Adiscon Loganalyzer < 3.4.3 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action.

References (5)

[Patch] http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable

[Patch] http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta

[Vendor Advisory] http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter

[Exploit] http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt

[Various Sources] http://secpod.org/blog/?p=504

Scores

EPSS 0.0033

EPSS Percentile 55.5%

Classification

CWE

CWE-79

Status published

Affected Products (15)

adiscon/loganalyzer < 3.4.3

adiscon/loganalyzer

n/a/n/a

Timeline

Published Jun 20, 2012

Tracked Since Feb 18, 2026