CVE-2025-61949_CVE-2025-61949

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page.

Basic Information

ID CVE-2025-61949

Source jpcert

Published Nov 21, 2025 at 06:17

Affected Product

Vendor LogStare Inc.

Product LogStare Collector (for Windows)

Version 2.4.1 and earlier

Affected Versions LogStare Inc. LogStare Collector (for Windows) 2.4.1 and earlier
LogStare Inc. LogStare Collector (for Linux) 2.4.1 and earlier

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page.",
    "published": "2025-11-21T06:17:53.887Z",
    "modified": "2025-11-21T06:17:53.887Z",
    "type": "cve",
    "title": "CVE-2025-61949",
    "source": "jpcert",
    "references": "https://www.logstare.com/vulnerability/2025-001/\nhttps://jvn.jp/en/jp/JVN77560819/",
    "id": "CVE-2025-61949",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "LogStare Inc. LogStare Collector (for Windows) 2.4.1 and earlier\nLogStare Inc. LogStare Collector (for Linux) 2.4.1 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LogStare Collector (for Windows)",
    "version": "2.4.1 and earlier",
    "vendor": "LogStare Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}