ELOG Logbook Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host has ELOG installed and is prone to cross-site scripting vulnerability.

Impact

Attackers can exploit this issue to steal cookie-based authentication credentials by conducting Cross-Site Scripting attacks on the affected system. Impact Level: System/Application

Solution

Upgrade ELOG Version to 2.7.2 or later. https://midas.psi.ch/elog/download/

Insight

An error occurs while processing malicious user supplied data passed into the 'logbook' module and can be exploited to inject arbitrary HTML and script code in the context of the affected application.

Affected

ELOG versions prior to 2.7.2

References

http://osvdb.org/41685
http://xforce.iss.net/xforce/xfdb/40124
https://midas.psi.ch/elog/download/ChangeLog

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7206
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Rave User Information Disclosure Vulnerability
Apache Archiva Multiple Vulnerabilities
Apache CouchDB Cross Site Request Forgery Vulnerability
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
aeNovo Database Content Disclosure Vulnerability

Take action and discover your vulnerabilities