A SecPod Research Team member (Sooraj K.S) has found Cross-Site Scripting Vulnerabilities in Adiscon LogAnalyzer. The vulnerability is caused by improper validation of the “highlight” parameter in “index.php”. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.
More information can be found here.
CVE Info : CVE-2012-3790
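The class of flaw described above, as an added example that is not LogAnalyzer's code and not part of the original advisory: a hypothetical PHP routine that reflects a search-highlight parameter into a page without encoding, next to a hardened version that encodes every piece before adding markup. The function names, the word-splitting behaviour, the term cap and the sample values are all assumptions made for illustration.

```php
<?php
// Added illustration: names and markup are hypothetical, not LogAnalyzer's source.

// Vulnerable pattern: the raw parameter reaches the page unencoded.
function render_vulnerable(string $message, string $highlight): string
{
    $html = "<p>Highlighting: $highlight</p>\n";
    foreach (preg_split('/\s+/', $highlight, -1, PREG_SPLIT_NO_EMPTY) as $word) {
        $message = str_ireplace($word, "<b>$word</b>", $message);
    }
    return $html . "<pre>$message</pre>\n";
}

// Encode for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: split the raw text on the matches, encode every piece,
// and only then add the highlight markup around the encoded matches.
function render_hardened(string $message, string $highlight): string
{
    $words = preg_split('/\s+/', $highlight, -1, PREG_SPLIT_NO_EMPTY);
    $words = array_slice($words, 0, 10);            // assumed cap on search terms
    $html  = '<p>Highlighting: ' . h($highlight) . "</p>\n";

    $parts = [$message];
    if ($words) {
        $alts  = implode('|', array_map(fn($w) => preg_quote($w, '/'), $words));
        $split = preg_split("/($alts)/iu", $message, -1, PREG_SPLIT_DELIM_CAPTURE);
        if ($split !== false) {                     // false: invalid UTF-8 input
            $parts = $split;
        }
    }
    $body = '';
    foreach ($parts as $i => $part) {
        // Odd indexes hold the captured matches, even indexes the text between.
        $body .= ($i % 2) ? '<b>' . h($part) . '</b>' : h($part);
    }
    return $html . "<pre>$body</pre>\n";
}

// Constructed sample values, standing in for a log line and $_GET['highlight'].
$msg   = 'sshd[812]: Failed password for root from 192.0.2.10 & retrying';
$param = 'failed <script>alert(1)</script>';
echo render_vulnerable($msg, $param);   // parameter is written into the page as markup
echo render_hardened($msg, $param);     // parameter is written into the page as text
```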
We welcome any feedback or suggestions.
Cheers!
SecPod Research Team