Versions 4.6.x and 4.7.x are affected by a Reflected DOM-Based XSS vulnerability in the query log feature. Upon reviewing these versions, I found that the following code segments have not been escaped for XSS characters.
4.6-bootstrap-3, 4.6-bootstrap-4, 4.7-bootstrap-3, 4.7-bootstrap-4
Therefore, users of these versions might be vulnerable to XSS attacks, as shown in the PoC image below.
https://REDACTED/log-viewer/logs/2024-08-07/all/search?query="><script>alert('Infected')</script>