It has been reported that CCLog does not sufficiently filter user-supplied values for some HTTP headers. As a result, attackers may embed malicious script code or HTML into specially crafted HTTP requests. When CCLog is used to assemble an HTML version of web site hits and another user views that page, the attacker-supplied code will be interpreted by that user's web browser in the security context of the site hosting the software.
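The sketch below is an added example, not CCLog's code: it shows the class of flaw described above next to the output-encoding fix for an HTML hit report. The header names (`User-Agent`, `Referer`), the function names, and the sample hits are assumptions constructed for illustration; the advisory does not say which headers are affected.

```python
import html

# Constructed sample hits. Header names are assumptions, not CCLog's fields.
SAMPLE_HITS = [
    {"ip": "192.0.2.10", "User-Agent": "Mozilla/5.0",
     "Referer": "https://example.org/"},
    {"ip": "192.0.2.77", "User-Agent": "<script>alert(1)</script>",
     "Referer": '"><img src=x onerror=alert(1)>'},
]
FIELDS = ("ip", "User-Agent", "Referer")


def render_row_unsafe(hit):
    """The flaw: request-derived values go into the markup unchanged."""
    return "<tr>" + "".join(f"<td>{hit.get(f, '')}</td>" for f in FIELDS) + "</tr>"


def render_row_escaped(hit):
    """The fix: HTML-encode every request-derived value at output time."""
    cells = (html.escape(str(hit.get(f, "")), quote=True) for f in FIELDS)
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def render_report(hits, render_row=render_row_escaped):
    """Build the hit table; only the static header row is trusted markup."""
    rows = "\n".join(render_row(h) for h in hits)
    head = "<tr><th>IP</th><th>User-Agent</th><th>Referer</th></tr>"
    return f"<table>\n{head}\n{rows}\n</table>"


def contains_active_markup(report):
    """Demo check: did a raw tag from a header value survive rendering?"""
    lowered = report.lower()
    return "<script" in lowered or "<img" in lowered


if __name__ == "__main__":
    print("unsafe report carries raw tags: ",
          contains_active_markup(render_report(SAMPLE_HITS, render_row_unsafe)))
    print("escaped report carries raw tags:",
          contains_active_markup(render_report(SAMPLE_HITS)))
```

Encoding at the point of output, rather than filtering at log time, keeps the stored header values intact for later analysis while making them inert in the report.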