Cross-Site Scripting Vulnerability in Emlog Pro Affects Multiple Versions
CVE-2024-12845

5.3MEDIUM

Key Information:

Vendor

Emlog

Status
Emlog Pro
Vendor
CVE Published:
20 December 2024

What is CVE-2024-12845?

CVE-2024-12845 is a high-risk vulnerability found in Emlog Pro up to version 2.4.1. This security flaw resides in the /include/lib/common.php library and allows attackers to exploit a manipulation of the 'msg' argument, leading to a cross-site scripting (XSS) attack. Since the exploit can be executed remotely, compromised systems may lead to unauthorized access to sensitive information or drive users to malicious sites. The vulnerability has been made public, increasing the urgency for users to apply patches and focus on preventive measures.

Affected Version(s)

Emlog Pro 2.4.0

Emlog Pro 2.4.1

References

https://vuldb.com/?id.289081
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289081
signaturepermissions-required
https://vuldb.com/?submit.462477
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

Credit

jiashenghe (VulDB User)
.