Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Logpoint SIEM 跨站脚本漏洞
Vulnerability Description
Logpoint SIEM是Logpoint公司的一个安全信息与事件管理(SIEM)解决方案。 Logpoint SIEM v6.1.0d到7.3.0版本存在跨站脚本漏洞,该漏洞源于Jinja 模板无法正确审查显示的日志数据,远程攻击者可构建有效负载,并将其发送到向 SIEM 发送日志的任何系统或设备,如果创建了警报,有效负载将在使用该模板查看的警报数据上执行,这可能会导致敏感数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A