Cross-Site Scripting Vulnerability in Logpoint Web UI
CVE-2024-33859

Currently unrated

Key Information:

Vendor: Logpoint
Status: Siem
Vendor: CVE Published:; 7 May 2024

What is CVE-2024-33859?

A vulnerability has been identified in Logpoint versions prior to 7.4.0, where HTML code transmitted through logs was not properly escaped in the Web UI, specifically within the 'Interesting Field' feature. This flaw allows for Cross-Site Scripting (XSS) attacks, enabling malicious actors to execute arbitrary scripts in the context of users accessing the compromised interface. Organizations utilizing affected versions of Logpoint are advised to update to the latest version to mitigate this security risk.

References

https://www.logpoint.com/

https://servicedesk.logpoint.com/hc/en-us/articles/185339...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Apr 27, 2024

JSON