Description
In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.
Remediation
Upgrade Graylog to version 2.4.6 or later.
References
https://github.com/Graylog2/graylog2-server/pull/4904
https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6