CVE-2025-54316

An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to cross-site scripting (XSS) attacks.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://servicedesk.logpoint.com/hc/en-us/articles/28685383084317-XSS-vulnerability-in-Report-Templates-using-built-in-Jinja-filter-functions

Configurations

No configuration.

History

22 Jul 2025, 13:06

Type	Values Removed	Values Added
Summary		(es) Se detectó un problema en Logpoint antes de la versión 7.6.0. Al crear informes, los atacantes podían crear plantillas Jinja personalizadas que encadenaban funciones de filtro integradas para generar payloads XSS. El motor de plantillas de informes de Logpoint puede renderizar estas payloads, lo que las hace vulnerables a ataques de cross-site scripting (XSS).

20 Jul 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-20 19:15

Updated : 2025-07-22 13:06

NVD link : CVE-2025-54316

Mitre link : CVE-2025-54316

CVE.ORG link : CVE-2025-54316

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.9 /10