Date: Wed, 5 Dec 2018 21:40:57 -0300
From: Gustavo Sorondo <>
To: Full Disclosure Mailing List <>
Subject: [FD] Cross-Site Scripting in Adiscon LogAnalyzer (CVE-2018-19877)

Title: Cross-Site Scripting in Adiscon LogAnalyzer (CVE-2018-19877)
Credit: Gustavo Sorondo /
Vendor/Product: Adiscon LogAnalyzer (
Vulnerability: Cross-Site Scripting (XSS)
Vulnerable version: 4.1.6 and earlier
Fixed in: 4.1.7
CVE: CVE-2018-19877

## Vulnerability Details

Adiscon LogAnalyzer before 4.1.7 is affected by Cross-Site Scripting (XSS)
in the 'referer' parameter of the login.php file.

Proof of Concept:

## Vulnerability Disclosure Timeline

2018-11-26 - Vulnerability discovered by Cinta Infinita
2018-11-28 - Vulnerability reported to Adiscon
2018-12-04 - Vulnerability confirmed by Adiscon
2018-12-05 - Issue is fixed and version 4.1.7 is released.
2018-12-05 - CVE-2018-19877 is assigned
2018-12-05 - Full disclosure

## Related fixes and releases

## About Cinta Infinita

Cinta Infinita offers Information Security related services. Our
Headquarters are in Buenos Aires, Argentina.
For more information, visit

Ing. Gustavo M. Sorondo
Cinta Infinita - CTO
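
For sites that ran 4.1.6 or earlier, one way to review web-server access logs for requests that put markup characters in the 'referer' parameter of login.php. This is an added example, not part of the original advisory and not Adiscon's code; the `/loganalyzer/` path, the combined log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
# The /loganalyzer/ install path is an assumption.
SAMPLE_LOG = """\
198.51.100.7 - - [06/Dec/2018:10:01:02 +0000] "GET /loganalyzer/login.php?referer=index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [06/Dec/2018:10:03:44 +0000] "GET /loganalyzer/login.php?referer=%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 5188 "-" "Mozilla/5.0"
198.51.100.9 - - [06/Dec/2018:10:04:10 +0000] "GET /loganalyzer/index.php?filter=%3Cerror%3E HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.20 - - [06/Dec/2018:10:05:31 +0000] "GET /loganalyzer/login.php?referer=%2Fsearch.php%3Fq%3Dsshd HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# client, timestamp and request target from a combined-format line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+"'
)

# Characters a legitimate return-to page name has no reason to contain
MARKUP_CHARS = set('<>"\'`')


def suspicious_referer_requests(log_text):
    """Return (client, timestamp, decoded value, offending chars) for each
    login.php request whose 'referer' query parameter contains markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, when, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/login.php"):
            continue
        # parse_qs percent-decodes values, so encoded markup is caught too
        for value in parse_qs(url.query, keep_blank_values=True).get("referer", []):
            bad = sorted(MARKUP_CHARS & set(value))
            if bad:
                hits.append((client, when, value, bad))
    return hits


if __name__ == "__main__":
    for client, when, value, bad in suspicious_referer_requests(SAMPLE_LOG):
        print(f"{when} {client} referer={value!r} contains {bad}")
```

Only values sent in the query string appear in access logs; a 'referer' value submitted in a POST body would need request-body logging to be visible.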
