Cross Site Scripting (XSS) Vulnerability in mcholste ELSA version revision 1205, commit 2cc17f1 and earlier

Cross Site Scripting (XSS) Vulnerability in mcholste ELSA version revision 1205, commit 2cc17f1 and earlier

CVE-2018-1000029 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and earlier contains a Cross Site Scripting (XSS) vulnerability in index view (/) that can result in . This attack appear to be exploitable via Payload delivered via the type, name, and value parameters of /Query/set_preference and the name and value parameters of /Query/preference. Payload executed when the user visits the index view (/).

Learn more about our User Device Pen Test.