Description
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.
Remediation
References
https://github.com/Graylog2/graylog2-server/pull/4727
https://www.graylog.org/post/announcing-graylog-v2-4-4
Related Vulnerabilities
CVE-2021-29441 Vulnerability in maven package com.alibaba.nacos:nacos-common
CVE-2022-41252 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt
CVE-2022-2217 Vulnerability in maven package org.webjars.npm:parse-url
CVE-2022-23631 Vulnerability in npm package superjson
CVE-2010-2232 Vulnerability in maven package org.apache.derby:derby