VDB-289080 · CVE-2024-12844 · GCVE-100-289080

Emlog Pro har 2.4.1 /admin/store.php Lāhà Cross Site Scripting

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin Emlog Pro har 2.4.1. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /admin/store.php na cikin fayil, $software_component na cikin sashi. Ngam manipulation of the argument Lāhà shi Cross Site Scripting. CWE shidin ka a yi bayani matsala sai ya kai CWE-79. Gaskiya, laifi an fitar da shi 12/20/2024 a matsayin Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2024-12844. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 Goyarwa · 88 Datenpunkte

Furɗe	Súgá 12/20/2024 13:41	Gargadi 1/2 12/21/2024 01:52	Gargadi 2/2 02/16/2025 20:54
software_name	Emlog Pro	Emlog Pro	Emlog Pro
software_version	<=2.4.1	<=2.4.1	<=2.4.1
software_file	/admin/store.php	/admin/store.php	/admin/store.php
software_argument	tag	tag	tag
vulnerability_cwe	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_identifier	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305
advisory_url	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305
source_cve	CVE-2024-12844	CVE-2024-12844	CVE-2024-12844
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_vc	N	N	N
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_ui	N	N	P
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	3.9	4.1	4.1
cvss4_vuldb_bscore	6.9	6.9	5.3
cvss4_vuldb_btscore	5.5	5.5	2.1
advisory_date	1734649200 (12/20/2024)	1734649200 (12/20/2024)	1734649200 (12/20/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		N	N
cvss4_cna_vc		N	N
cvss4_cna_vi		L	L
cvss4_cna_va		N	N
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		6.9	6.9
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		R	R
cvss3_cna_s		U	U
cvss3_cna_c		N	N
cvss3_cna_i		L	L
cvss3_cna_a		N	N
cvss3_cna_basescore		4.3	4.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		N	N
cvss2_cna_ii		P	P
cvss2_cna_ai		N	N
cvss2_cna_basescore		5	5

◂ Gurɗo Gumti Gada ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!