CVE-2023-49950

low-risk
Published 2024-02-03

The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Logpoint

References (4)

Exploit https://github.com/shrikeinfosec/cve-2023-49950/blob/main/cve-2023-49950.md
Vendor Advisory https://servicedesk.logpoint.com/hc/en-us/articles/14124495377437-Stored-XSS-Vul...
Exploit https://github.com/shrikeinfosec/cve-2023-49950/blob/main/cve-2023-49950.md
Vendor Advisory https://servicedesk.logpoint.com/hc/en-us/articles/14124495377437-Stored-XSS-Vul...
27
/ 100
low-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal