Jpcert: >> Logontracer >> 1.1.1 Security Vulnerabilities
There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-27
An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user.
CVSS Score
8.7
EPSS Score
0.002
Published
2026-04-27
Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-01-09
LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-01-09
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.87
Published
2019-01-09
LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-01-09