CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
56.9%
iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability (CWE-79) due to a flaw when processing analysis results and outputting the results into a HTML page.
An arbitrary script may be executed on the outputted HTML page when analyzing a specially crafted access log file.
Update the software
Users of the offline version of iLogScanner should update to the latest version according to the information provided by the developer.
According to the developer, the online version of iLogScanner has already been updated to address this vulnerability.