Cross-Site Scripting Vulnerability in Emlog Pro Affects Remote Operations
CVE-2024-12844

6.9 MEDIUM

Key Information:

Vendor: Emlog

Status
Vendor
CVE Published: 20 December 2024

What is CVE-2024-12844?

A cross-site scripting (XSS) vulnerability has been identified in Emlog Pro versions up to 2.4.1, in the file '/admin/store.php'. By manipulating the 'tag' argument, an attacker can cause malicious scripts to execute in the context of the affected web application. Because the vulnerability can be exploited remotely, it creates a risk of unauthorized actions being performed on behalf of users, potentially leading to data theft or further compromise of the web application. The vulnerability has been publicly disclosed, so users and administrators of Emlog Pro should act promptly to address it and safeguard their systems.

Affected Version(s)

Emlog Pro 2.4.0

Emlog Pro 2.4.1

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

Credit

jiashenghe (VulDB User)