XpoLog Center V6 Multiple Remote Vulnerabilities

2016-07-01 14:20
Title: XpoLog Center V6 Multiple Remote Vulnerabilities
Advisory ID: ZSL-2016-5334
Type: Local/Remote
Impact: Cross-Site Scripting, Spoofing
Risk: (3/5)
Release Date: 01.07.2016
Summary
Applications Log Analysis and Management Platform.
Description
XpoLog suffers from multiple vulnerabilities, including XSS, Open Redirection and Cross-Site Request Forgery.
Vendor
XpoLog LTD - http://www.xpolog.com
Affected Version
6.4469
6.4254
6.4252
6.4250
6.4237
6.4235
5.4018
Tested On
Apache-Coyote/1.1
Microsoft Windows Server 2012
Microsoft Windows 7 Professional SP1 EN 64bit
Java/1.7.0_45
Java/1.8.0.91
Vendor Status
[14.06.2016] Vulnerability discovered.
[21.06.2016] Contact with the vendor.
[30.06.2016] No response from the vendor.
[01.07.2016] Public security advisory released.
PoC
xpolog_mv.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5335.php
Changelog
[01.07.2016] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5334.php
