Adiscon LogAnalyzer 4.1.6 Cross Site Scripting

Adiscon LogAnalyzer versions 4.1.6 and below suffer from a cross site scripting vulnerability.

MD5 | 1f0cea0032676330845007e01bc272e2

Title: Cross-Site Scripting in Adiscon LogAnalyzer (CVE-2018-19877)
Credit: Gustavo Sorondo /
Vendor/Product: Adiscon LogAnalyzer (
Vulnerability: Cross-Site Scripting (XSS)
Vulnerable version: 4.1.6 and earlier
Fixed in: 4.1.7
CVE: CVE-2018-19877

## Vulnerability Details

Adiscon LogAnalyzer before 4.1.7 is affected by Cross-Site Scripting (XSS)
in the 'referer' parameter of the login.php file.
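To check whether a pre-4.1.7 install received requests carrying markup in this parameter, web server access logs can be triaged as in the following added example (not part of the advisory or of Adiscon's code). It assumes Combined Log Format logs and that 'referer' arrives in the query string; the function names, the /loganalyzer/ path and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request field
HTML_META_RE = re.compile(r'[<>"\']')  # characters that break out of HTML text/attributes


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (for example %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        if (decoded := unquote(value)) == value:
            break
        value = decoded
    return value


def suspicious_referer(log_line):
    """Return the decoded 'referer' value if the line is a login.php request
    whose 'referer' query parameter contains HTML metacharacters, else None."""
    match = REQUEST_RE.search(log_line)
    target = urlsplit(match.group(1)) if match else None
    if target is None or not target.path.lower().endswith("/login.php"):
        return None
    for raw in parse_qs(target.query, keep_blank_values=True).get("referer", []):
        value = fully_decode(raw)  # parse_qs has already decoded one layer
        if HTML_META_RE.search(value):
            return value
    return None


# Constructed sample access-log lines (assumed path, not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Dec/2018:10:00:01 +0000] "GET /loganalyzer/login.php?referer=index.php HTTP/1.1" 200 4312',
    '192.0.2.44 - - [05/Dec/2018:10:02:17 +0000] "GET /loganalyzer/login.php?referer=%22%3E%3Cb%3Emarker%3C%2Fb%3E HTTP/1.1" 200 4390',
    '192.0.2.44 - - [05/Dec/2018:10:02:40 +0000] "GET /loganalyzer/login.php?referer=%2522%253Cb%253E HTTP/1.1" 200 4377',
    '192.0.2.77 - - [05/Dec/2018:10:05:09 +0000] "GET /loganalyzer/index.php?q=%3Cb%3E HTTP/1.1" 200 9120',
]


def scan(lines):
    """Return (line_number, decoded_value) for each flagged line."""
    hits = ((n, suspicious_referer(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: referer={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so a clean result here does not rule out exposure; upgrading to 4.1.7 is the fix the advisory names.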

Proof of Concept:

## Vulnerability Disclosure Timeline

2018-11-26 - Vulnerability discovered by Cinta Infinita
2018-11-28 - Vulnerability reported to Adiscon
2018-12-04 - Vulnerability confirmed by Adiscon
2018-12-05 - Issue is fixed and version 4.1.7 is released.
2018-12-05 - CVE-2018-19877 is assigned
2018-12-05 - Full disclosure

## Related fixes and releases

## About Cinta Infinita

Cinta Infinita offers Information Security related services. Our
Headquarters are in Buenos Aires, Argentina.
For more information, visit

Ing. Gustavo M. Sorondo
Cinta Infinita - CTO
