Cross-Site Scripting Vulnerability in Emlog Pro Software
CVE-2024-12842

6.1 MEDIUM

Key Information:

Vendor

Emlog

Status
Vendor
CVE Published: 20 December 2024

What is CVE-2024-12842?

CVE-2024-12842 is a cross-site scripting (XSS) vulnerability in Emlog Pro versions up to 2.4.1, affecting the user management code in the /admin/user.php file. Manipulating the 'keyword' parameter leads to XSS, and the attack can be initiated remotely. The exploit has been publicly disclosed, so users should apply the necessary patches and secure their web applications to prevent compromise.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published