
Sawmill < 7.1.14 GET Request Query String XSS



The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.


The remote host is running Sawmill, a weblog analysis package. The version of Sawmill installed on the remote host suffers from a cross-site scripting flaw because its standalone web server treats an arbitrary query string appended to a GET request as a configuration command and fails to sanitize it before using it in an error page. An unauthenticated attacker may be able to exploit this issue to steal authentication information of users of the affected application.


Upgrade to version 7.1.14 or higher, or use Sawmill in CGI mode.
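A defender-side check for the flaw described above, added here as an example (not code from Sawmill or from this advisory): it scans web server access log lines for GET requests whose query string decodes to HTML markup, the input an unsanitized error page would reflect. The Common Log Format input, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request field of a Common Log Format line: "GET /path?query HTTP/1.x"
REQUEST_RE = re.compile(r'"GET (?P<target>\S+) HTTP/[\d.]+"')
# Characters needed to introduce markup or break out of an attribute in HTML.
MARKUP_RE = re.compile(r'[<>"\']')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_query(line):
    """Return the decoded query string if it carries HTML markup, else None."""
    match = REQUEST_RE.search(line)
    if not match or "?" not in match.group("target"):
        return None
    query = decode_fully(match.group("target").split("?", 1)[1])
    return query if MARKUP_RE.search(query) else None


def flag_lines(lines):
    """Return (line_number, decoded_query) for every line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, start=1):
        query = suspicious_query(line)
        if query is not None:
            hits.append((number, query))
    return hits


# Constructed sample log lines (documentation addresses, harmless marker tags).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /?profile=weblogs HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2006:10:00:05 +0000] "GET /?%3Cb%3Emarker%3C/b%3E HTTP/1.1" 200 734',
    '192.0.2.44 - - [01/Jan/2006:10:00:09 +0000] "GET /?%253Cb%253Emarker HTTP/1.1" 200 730',
    '192.0.2.10 - - [01/Jan/2006:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, query in flag_lines(SAMPLE_LOG):
        print(f"line {number}: query string decodes to markup: {query!r}")
```

The character match is deliberately coarse, so hits are candidates for review rather than confirmed attempts.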