An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-05-07
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-07
An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-05-07
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.
CVSS Score
9.6
EPSS Score
0.002
Published
2024-05-07
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-05-07
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-05-01
Page 2