Cross-Site Scripting Vulnerability in Emlog Pro Affects Security
CVE-2024-12841

6.1MEDIUM

Key Information:

Vendor: Emlog
Status: Emlog
Vendor: CVE Published:; 20 December 2024

What is CVE-2024-12841?

CVE-2024-12841 is a critical cross-site scripting (XSS) vulnerability found in Emlog Pro versions up to 2.4.1. The vulnerability resides in the /admin/tag.php file, where improper handling of the 'keyword' argument allows an attacker to inject malicious scripts. This exploit can be initiated remotely, making it a significant threat to users of the affected product. As the details of the vulnerability have been disclosed publicly, it poses an urgent risk to security and requires immediate attention from system administrators to mitigate potential exploitation.

References

https://github.com/emlog/emlog/issues/305

https://vuldb.com/?ctiid.289077

https://vuldb.com/?id.289077

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 20, 2024