Hayabusa
Monthly
Hayabusa versions before 3.8.0 contain a stored cross-site scripting (XSS) vulnerability in HTML report generation that allows authenticated attackers to inject arbitrary JavaScript into the Computer field of JSON-exported logs, which executes in a forensic examiner's browser when viewing the generated HTML report. The vulnerability requires user interaction (report viewing) and results in information disclosure or session compromise, affecting forensic analysis workflows that process untrusted or adversary-controlled log data.
Hayabusa versions before 3.8.0 contain a stored cross-site scripting (XSS) vulnerability in HTML report generation that allows authenticated attackers to inject arbitrary JavaScript into the Computer field of JSON-exported logs, which executes in a forensic examiner's browser when viewing the generated HTML report. The vulnerability requires user interaction (report viewing) and results in information disclosure or session compromise, affecting forensic analysis workflows that process untrusted or adversary-controlled log data.