Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Analog logfile脚本代码插入漏洞
Vulnerability Description
Analog是一款日志分析程序,支持在HTML中限制可打印格式化日志文件,运行在Unix和Linux系统下,也可以运行在Microsoft Windows系统下。 Analog在日志处理上缺少正确检查,可导致跨站脚本执行漏洞。 攻击者可以方便的插入任意字符串到任何WEB服务器日志文件中,如果这些日志文件中的字符串被analog解析,就会出现在HTML形式报告中,当这些字符串包含恶意功能的时候,其代码将会在第三方查看这些日志的时候在用户浏览器上执行,造成如基于Cookie认证的敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A