CVE-2025-61949

MEDIUM

LogStare Collector < 2.4.2 - Stored Cross-Site Scripting in UserManagement

Title source: llm
STIX 2.1

Description

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page.

References (2)

Core 2
Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN77560819/

Scores

CVSS v3 5.4
EPSS 0.0015
EPSS Percentile 4.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
secuavail/logstare_collector < 2.4.2
Published Nov 21, 2025
Tracked Since Feb 18, 2026