Summary
This host is running Adiscon LogAnalyzer and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Adiscon LogAnalyzer version 3.4.4 or 3.5.5 or later, For updates refer to http://loganalyzer.adiscon.com/
Insight
Input passed via the 'highlight' parameter in index.php is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
Affected
Adiscon LogAnalyzer versions before 3.4.4 and 3.5.x before 3.5.5
References
Severity
Classification
-
CVE CVE-2012-3790 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability