Reflected DOM-Based XSS vulnerability
tuanpmanh opened this issue · 0 comments
tuanpmanh commented
- LogViewer Version: 4.6.x, 4.7.x
Description:
Versions 4.6.x and 4.7.x are affected by a Reflected DOM-Based XSS vulnerability in the query log feature. Upon reviewing these versions, I found that the following code segments have not been escaped for XSS characters.
4.6-bootstrap-3
4.6-bootstrap-4
4.7-bootstrap-3
4.7-bootstrap-4
Therefore, users of these versions might be vulnerable to XSS attacks, as shown in the PoC image below:
https://REDACTED/log-viewer/logs/2024-08-07/all/search?query="><script>alert('Infected')</script>
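The escaping step the report says is missing, shown as an added example that is not part of the original issue and is not LogViewer's own code. It takes the `query` value from the PoC URL above and renders it into a search box with and without HTML escaping; the `<input>` markup and all function names are assumptions made for illustration.

```javascript
// Added illustration, not LogViewer source. The PoC URL is copied from the issue.
const POC_URL =
  "https://REDACTED/log-viewer/logs/2024-08-07/all/search?query=\"><script>alert('Infected')</script>";

// Characters that can end a quoted attribute value or start markup.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for use in HTML text or inside a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the decoded `query` parameter, as the search page would receive it.
function searchQueryFrom(url) {
  return new URL(url).searchParams.get('query') ?? '';
}

// Hypothetical template: the value is interpolated as-is, so a `"` in the
// query closes the attribute and anything after `>` is parsed as markup.
function renderSearchBoxUnsafe(query) {
  return `<input name="query" value="${query}">`;
}

// Same hypothetical template with the value escaped before interpolation.
function renderSearchBoxSafe(query) {
  return `<input name="query" value="${escapeHtml(query)}">`;
}

// Count tag openers in the output. The template itself contributes one
// (<input>); any more came from the request parameter.
function countTags(html) {
  return (html.match(/<[a-zA-Z\/]/g) || []).length;
}

const query = searchQueryFrom(POC_URL);
console.log('unsafe:', renderSearchBoxUnsafe(query), 'tags =', countTags(renderSearchBoxUnsafe(query)));
console.log('safe:  ', renderSearchBoxSafe(query), 'tags =', countTags(renderSearchBoxSafe(query)));
```

The tag count doubles as a regression check: a view that echoes the search query should produce the same number of tags for any query value.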