Cross-Site Scripting Vulnerability in Emlog Pro Revealed
CVE-2024-12843
6.9 MEDIUM
What is CVE-2024-12843?
CVE-2024-12843 identifies a high-risk cross-site scripting (XSS) vulnerability in Emlog Pro versions up to 2.4.1. The flaw arises from improper handling of user input in the /admin/plugin.php file, specifically in the 'filter' argument. This oversight allows attackers to inject malicious scripts that execute in the context of the user's browser, potentially leading to data theft, session hijacking, or other malicious activity. The vulnerability has been publicly disclosed and can be exploited remotely, so users should update their Emlog Pro installations promptly.
Affected Version(s)
Emlog Pro 2.4.0
Emlog Pro 2.4.1
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published