Logpoint: Security Vulnerabilities
An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-11-28
An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-28
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-28
An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-12-16
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-12-16
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-12-16
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-12-16
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-11-07
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-11-07
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-11-07
Page 1