CVE-2023-36306

MEDIUM NUCLEI

Adiscon Aiscon LogAnalyzer <4.1.13 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36306. PoCs published by Pedro. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates multiple reflected XSS vulnerabilities in Adiscon LogAnalyzer v4.1.13 and earlier. The payloads inject JavaScript into various endpoints via URL parameters, triggering arbitrary script execution in the context of the user's session.

Description

A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.

Exploits (1)

exploitdb WORKING POC
by Pedro · text · webapps · php
https://www.exploit-db.com/exploits/51643

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Adiscon LogAnalyzer v4.1.13 and before
No auth needed
Prerequisites: Access to the LogAnalyzer web interface · User interaction required for payload execution
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting
MEDIUM · VERIFIED · by r3Y3r53

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/51643

Scores

CVSS v3: 6.1
EPSS: 0.0533
EPSS Percentile: 90.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1)
adiscon/loganalyzer < 4.1.13
Published: Aug 08, 2023
Tracked Since: Feb 18, 2026