CVE-2018-1000029

Published: Feb 9, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and earlier contains a Cross Site Scripting (XSS) vulnerability in index view (/) that can result in . This attack appear to be exploitable via Payload delivered via the type, name, and value parameters of /Query/set_preference and the name and value parameters of /Query/preference. Payload executed when the user visits the index view (/).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blog.securityonion.net/2018/01/security-advisory-for-elsa.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-1000029

Description

Affected Products

References