Home

Description

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page.

PUBLISHED Reserved 2025-11-10 | Published 2025-11-21 | Updated 2025-11-21 | Assigner jpcert




MEDIUM: 5.4CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

MEDIUM: 4.8CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Problem types

Cross-site scripting (XSS)

Product status

2.4.1 and earlier
affected

2.4.1 and earlier
affected

References

www.logstare.com/vulnerability/2025-001/

jvn.jp/en/jp/JVN77560819/

cve.org (CVE-2025-61949)

nvd.nist.gov (CVE-2025-61949)

Download JSON