Primary

Context

Hayabusa Cross-Site Scripting Vulnerability in HTML Report Output

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Hayabusa versions prior to 3.8.0. This issue resides in the HTML report generation, where an attacker can execute arbitrary JavaScript. The vulnerability is triggered when a user scans JSON-exported logs that contain malicious content in the 'Computer' field. The injected JavaScript executes in the forensic examiner's browser session while viewing the report, potentially leading to information disclosure or unauthorized code execution.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected JavaScript is executed in the context of the user's browser session.

Remediation

Users can update to Hayabusa version 3.8.0 or later, where this vulnerability has been fixed.

Added: Apr 9, 2026, 12:11 AM

Updated: Apr 9, 2026, 12:11 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

4.2

remediation

0.0

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

4.2

remediation

0.0

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hayabusa Cross-Site Scripting Vulnerability in HTML Report Output

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating