CVE-2023-49950

Published: Feb 3, 2024

Modified: Jun 17, 2025

PUBLISHED

Description

The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://servicedesk.logpoint.com/hc/en-us/articles/14124495377437-Stored-XSS-Vulnerability-in-Alerts-via-Log-Injection

https://github.com/shrikeinfosec/cve-2023-49950/blob/main/cve-2023-49950.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-49950

Description

Affected Products

References