Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Emlog
(Emlog)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 33 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-01-16 | CVE-2023-41619 | Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. | Emlog | 6.1 | ||
2022-11-13 | CVE-2022-3968 | A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547. | Emlog | 6.1 | ||
2023-12-13 | CVE-2023-41621 | A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. | Emlog | 6.1 | ||
2023-12-14 | CVE-2023-41618 | Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. | Emlog | 6.1 | ||
2023-12-12 | CVE-2023-41623 | Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. | Emlog | 7.2 | ||
2022-04-29 | CVE-2022-1526 | A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. | Emlog | 5.4 | ||
2023-10-03 | CVE-2023-44973 | An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | Emlog | 9.8 | ||
2023-10-03 | CVE-2023-44974 | An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | Emlog | 9.8 | ||
2023-10-02 | CVE-2023-43267 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | Emlog | 5.4 | ||
2023-09-27 | CVE-2023-43291 | Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. | Emlog | 9.8 |