VDB-289078 · CVE-2024-12842 · GCVE-100-289078

Emlog Pro har 2.4.1 /admin/user.php keyword Cross Site Scripting

Gaskiya vulnerability da aka ware a matsayin karshewa an samu a Emlog Pro har 2.4.1. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /admin/user.php, a cikin sashen $software_component. A sa manipulation of the argument keyword ka Cross Site Scripting. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-79. Hakika, rauni an bayyana shi 12/20/2024 kamar Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2024-12842. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Once again VulDB remains the best source for vulnerability data.

5 Goyarwa · 100 Datenpunkte

Furɗe	Súgá 12/20/2024 13:41	Gargadi 1/4 12/21/2024 01:52	Gargadi 2/4 12/24/2024 18:34	Gargadi 3/4 02/16/2025 20:54	Gargadi 4/4 06/06/2025 05:51
cvss3_vuldb_rl	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_ui	N	N	N	P	P
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	5.0	5.0	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	4.3	4.3	4.9
cvss3_meta_tempscore	3.9	4.1	4.1	4.1	4.8
cvss4_vuldb_bscore	6.9	6.9	6.9	5.3	5.3
cvss4_vuldb_btscore	5.5	5.5	5.5	2.1	2.1
advisory_date	1734649200 (12/20/2024)	1734649200 (12/20/2024)	1734649200 (12/20/2024)	1734649200 (12/20/2024)	1734649200 (12/20/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_name	Emlog Pro	Emlog Pro	Emlog Pro	Emlog Pro	Emlog Pro
software_version	<=2.4.1	<=2.4.1	<=2.4.1	<=2.4.1	<=2.4.1
software_file	/admin/user.php	/admin/user.php	/admin/user.php	/admin/user.php	/admin/user.php
software_argument	keyword	keyword	keyword	keyword	keyword
vulnerability_cwe	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)
vulnerability_risk	1	1	1	1	1
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	N	N	N	N	N
cvss3_vuldb_ui	R	R	R	R	R
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	N	N	N	N	N
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	N	N	N	N	N
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rc	R	R	R	R	R
advisory_identifier	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305
advisory_url	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305
source_cve	CVE-2024-12842	CVE-2024-12842	CVE-2024-12842	CVE-2024-12842	CVE-2024-12842
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_au	N	N	N	N	N
cvss2_vuldb_ci	N	N	N	N	N
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	N	N	N	N	N
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_pr	N	N	N	N	N
cvss4_vuldb_vc	N	N	N	N	N
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	N	N	N	N	N
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cve_nvd_summary		A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N	N	N
cvss4_cna_ac		L	L	L	L
cvss4_cna_at		N	N	N	N
cvss4_cna_pr		N	N	N	N
cvss4_cna_ui		N	N	N	N
cvss4_cna_vc		N	N	N	N
cvss4_cna_vi		L	L	L	L
cvss4_cna_va		N	N	N	N
cvss4_cna_sc		N	N	N	N
cvss4_cna_si		N	N	N	N
cvss4_cna_sa		N	N	N	N
cvss4_cna_bscore		6.9	6.9	6.9	6.9
cvss3_cna_av		N	N	N	N
cvss3_cna_ac		L	L	L	L
cvss3_cna_pr		N	N	N	N
cvss3_cna_ui		R	R	R	R
cvss3_cna_s		U	U	U	U
cvss3_cna_c		N	N	N	N
cvss3_cna_i		L	L	L	L
cvss3_cna_a		N	N	N	N
cvss3_cna_basescore		4.3	4.3	4.3	4.3
cvss2_cna_av		N	N	N	N
cvss2_cna_ac		L	L	L	L
cvss2_cna_au		N	N	N	N
cvss2_cna_ci		N	N	N	N
cvss2_cna_ii		P	P	P	P
cvss2_cna_ai		N	N	N	N
cvss2_cna_basescore		5	5	5	5
cve_nvd_summaryes			Se ha detectado una vulnerabilidad en Emlog Pro hasta la versión 2.4.1. Se ha declarado como problemática. Esta vulnerabilidad afecta al código desconocido del archivo /admin/user.php. La manipulación de la palabra clave del argumento provoca cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.	Se ha detectado una vulnerabilidad en Emlog Pro hasta la versión 2.4.1. Se ha declarado como problemática. Esta vulnerabilidad afecta al código desconocido del archivo /admin/user.php. La manipulación de la palabra clave del argumento provoca cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.	Se ha detectado una vulnerabilidad en Emlog Pro hasta la versión 2.4.1. Se ha declarado como problemática. Esta vulnerabilidad afecta al código desconocido del archivo /admin/user.php. La manipulación de la palabra clave del argumento provoca cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss3_nvd_av					N
cvss3_nvd_ac					L
cvss3_nvd_pr					N
cvss3_nvd_ui					R
cvss3_nvd_s					C
cvss3_nvd_c					L
cvss3_nvd_i					L
cvss3_nvd_a					N
cvss3_nvd_basescore					6.1

◂ Gurɗo Gumti Gada ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!