CVE-2025-61949

Medium CVSS: 4.8

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page.

Vendor

Secuavail

Product

Logstare Collector

CWE

CWE-79

Yayın Tarihi

2025-11-21 07:15:54

Güncelleme

2025-12-05 15:34:16

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-79 Logstare Collector MEDIUM Secuavail 2025

Referanslar

https://jvn.jp/en/jp/JVN77560819/ https://www.logstare.com/vulnerability/2025-001/

Benzer Kayıtlar

High

CVE-2025-64695

Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitr…

Medium

CVE-2025-62189

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administra…

Medium

CVE-2025-62687

Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted page while logged, unin…

Medium

CVE-2025-64299

LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' passwor…

Medium

CVE-2025-58097

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative u…