Summary
This host is running Adiscon LogAnalyzer and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Adiscon LogAnalyzer version 3.4.4 or 3.5.5 or later, For updates refer to http://loganalyzer.adiscon.com/
Insight
Input passed via the 'highlight' parameter in index.php is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
Affected
Adiscon LogAnalyzer versions before 3.4.4 and 3.5.x before 3.5.5
References
Severity
Classification
-
CVE CVE-2012-3790 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- Apache Tiles Multiple XSS Vulnerability
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability