Description
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.
Remediation
References
https://www.graylog.org/post/announcing-graylog-v2-4-4
https://github.com/Graylog2/graylog2-server/pull/4727
Related Vulnerabilities
CVE-2020-28500 Vulnerability in maven package org.webjars.npm:lodash
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-common
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee10:jetty-ee10-servlets
CVE-2021-27807 Vulnerability in maven package org.apache.pdfbox:pdfbox