Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Analog | Stephen_turner | 3.90_beta1 (including) | 3.90_beta1 (including) |
| Analog | Stephen_turner | 3.90_beta2 (including) | 3.90_beta2 (including) |
| Analog | Stephen_turner | 4.1 (including) | 4.1 (including) |
| Analog | Stephen_turner | 4.01 (including) | 4.01 (including) |
| Analog | Stephen_turner | 4.02 (including) | 4.02 (including) |
| Analog | Stephen_turner | 4.03 (including) | 4.03 (including) |
| Analog | Stephen_turner | 4.04 (including) | 4.04 (including) |
| Analog | Stephen_turner | 4.11 (including) | 4.11 (including) |
| Analog | Stephen_turner | 4.14 (including) | 4.14 (including) |
| Analog | Stephen_turner | 4.15 (including) | 4.15 (including) |
| Analog | Stephen_turner | 4.16 (including) | 4.16 (including) |
| Analog | Stephen_turner | 4.90_beta2 (including) | 4.90_beta2 (including) |
| Analog | Stephen_turner | 4.90_beta3 (including) | 4.90_beta3 (including) |
| Analog | Stephen_turner | 4.90_beta4 (including) | 4.90_beta4 (including) |
| Analog | Stephen_turner | 4.91_beta1 (including) | 4.91_beta1 (including) |
| Analog | Stephen_turner | 5.0 (including) | 5.0 (including) |
| Analog | Stephen_turner | 5.01 (including) | 5.01 (including) |
| Analog | Stephen_turner | 5.1a (including) | 5.1a (including) |
| Analog | Stephen_turner | 5.2 (including) | 5.2 (including) |
| Analog | Stephen_turner | 5.02 (including) | 5.02 (including) |
| Analog | Stephen_turner | 5.03 (including) | 5.03 (including) |
| Red Hat Powertools 7.1 | RedHat | * |