An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-12-16
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-12-16
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-12-16
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-11-07
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-11-07
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-11-07
An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution.
CVSS Score
6.4
EPSS Score
0.005
Published
2024-11-07
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-05-07
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-07
An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-05-07
Page 1