CVE-2025-66359

An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://servicedesk.logpoint.com/hc/en-us/articles/29158899698333-XSS-Vulnerability-due-to-insufficient-input-validation	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*

History

03 Dec 2025, 19:08

Type	Values Removed	Values Added
References	~~() https://servicedesk.logpoint.com/hc/en-us/articles/29158899698333-XSS-Vulnerability-due-to-insufficient-input-validation -~~	() https://servicedesk.logpoint.com/hc/en-us/articles/29158899698333-XSS-Vulnerability-due-to-insufficient-input-validation - Vendor Advisory
First Time		Logpoint siem Logpoint
CPE		cpe:2.3:a:logpoint:siem::::::::

28 Nov 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-28 00:15

Updated : 2025-12-03 19:08

NVD link : CVE-2025-66359

Mitre link : CVE-2025-66359

CVE.ORG link : CVE-2025-66359

JSON object : View

Products Affected

logpoint

siem

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

8.5 /10