iPlanet Log Analyzer Logfile HTML Injection Vulnerability

iPlanet does not sufficiently sanitize HTML when logging requests. If malicious data containing HTML and script code is logged and then viewed using the log viewing software, exploitation will occur. Through exploitation of this issue, it will be possible to falsify log information and execute arbitrary script code in the web client of the user viewing the logs.

This issue occurs when viewing logs in both HTML and text mode.


Privacy Statement
Copyright 2010, SecurityFocus