Primary

Context

LogStare Collector Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in LogStare Collector, affecting both Windows and Linux versions through 2.4.1. This vulnerability resides in the User Management feature, where crafted user information can be stored and later executed as an arbitrary script in the web browser of users accessing the product's management page.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary scripts in the web browsers of users who log into the product's management page, potentially leading to session hijacking or other malicious actions.

Remediation

Users are advised to update LogStare Collector to version 2.4.2 for both Windows and Linux. Instructions for updating the software can be found on the LogStare KnowledgeStare website.

Added: Nov 21, 2025, 7:20 AM

Updated: Nov 21, 2025, 4:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.0

exploitability

5.0

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.0

exploitability

5.0

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LogStare Collector Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating