CVE-2023-36306

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 8, 2023

Updated: Aug 14, 2023

CWE ID 79

Summary

CVE-2023-36306 is a Cross Site Scripting (XSS) vulnerability affecting Adiscon Aiscon LogAnalyzer versions up to 4.1.13. This issue enables remote attackers to inject malicious code into the application by exploiting vulnerabilities in the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components. Successful exploitation can result in stolen user data, unauthorized access, or system compromise. Users are advised to update to the latest version of Adiscon Aiscon LogAnalyzer to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adiscon LogAnalyzer

Affected Vendors

Adiscon GmbH

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sOEt4Y
https://www.cve.org/CVERecord?id=CVE-2023-36306
https://nvd.nist.gov/vuln/detail/CVE-2023-36306

Back to Vulnerability Database