2009-09-20
Secure Network releases the security advisory SN-09-04 for multiple vulnerabilities found in Xpolog.
SN-09-04: Xpolog suffers from incorrect validation and request processing. Under certain conditions, any unprivileged user can change the administrator’s password. Cross-Site Scripting vulnerabilities were discovered in the log rendering functions and, more generally, in the handling of user input. The Xpolog Linux package uses an old Tomcat version, 5.0.28, which is affected by multiple well-known vulnerabilities.