Aggregates CVE and security vulnerability intelligence across all Graylog-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include cross-site scripting and path handling, with potential impacts of session compromise and file overwrite in software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-11651 | Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. | [email protected] | 6.1 | 0.22% | 2018-06-01 | 2024-11-21 |
| CVE-2018-11650 | Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. | [email protected] | 6.1 | 0.24% | 2018-06-01 | 2024-11-21 |