PT-2020-21205 — XSS in Graylog Graylog-Web-Interface

PT-2020-21205 · Graylog · Graylog-Web-Interface

Published

2020-09-03

Updated

2020-09-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions graylog-web-interface versions (all versions)

Description The issue concerns a failure to escape output on the TypeAhead and QueryInput components, potentially allowing attackers to execute arbitrary JavaScript on the victim's browser through Cross-Site Scripting (XSS).

Recommendations Consider using an alternative package until a fix is made available.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

GHSA-9QGH-7PGP-HP7R

Affected Products

Graylog-Web-Interface

PT-2020-21205 · Graylog · Graylog-Web-Interface

Weakness Enumeration

Related Identifiers

Affected Products

References · 2