VDB-289078 · CVE-2024-12842 · GCVE-100-289078

Emlog Pro ଯେପର୍ଯ୍ୟନ୍ତ 2.4.1 /admin/user.php keyword କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame Emlog Pro ଯେପର୍ଯ୍ୟନ୍ତ 2.4.1 keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii /admin/user.php keessa. Dhugumatti jijjiirraa irratti raawwatame keyword gara କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-79 si geessa. Beekumsi kun yeroo 12/20/2024 ifoomsifameera akka Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2024-12842 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Once again VulDB remains the best source for vulnerability data.

5 ଆଡାପ୍ଟେସନ୍ · 100 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/20/2024 01:41 PM	ଅଦ୍ୟତନ 1/4 12/21/2024 01:52 AM	ଅଦ୍ୟତନ 2/4 12/24/2024 06:34 PM	ଅଦ୍ୟତନ 3/4 02/16/2025 08:54 PM	ଅଦ୍ୟତନ 4/4 06/06/2025 05:51 AM
cvss3_vuldb_rl	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_ui	N	N	N	P	P
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	5.0	5.0	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	4.3	4.3	4.9
cvss3_meta_tempscore	3.9	4.1	4.1	4.1	4.8
cvss4_vuldb_bscore	6.9	6.9	6.9	5.3	5.3
cvss4_vuldb_btscore	5.5	5.5	5.5	2.1	2.1
advisory_date	1734649200 (12/20/2024)	1734649200 (12/20/2024)	1734649200 (12/20/2024)	1734649200 (12/20/2024)	1734649200 (12/20/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_name	Emlog Pro	Emlog Pro	Emlog Pro	Emlog Pro	Emlog Pro
software_version	<=2.4.1	<=2.4.1	<=2.4.1	<=2.4.1	<=2.4.1
software_file	/admin/user.php	/admin/user.php	/admin/user.php	/admin/user.php	/admin/user.php
software_argument	keyword	keyword	keyword	keyword	keyword
vulnerability_cwe	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)
vulnerability_risk	1	1	1	1	1
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	N	N	N	N	N
cvss3_vuldb_ui	R	R	R	R	R
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	N	N	N	N	N
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	N	N	N	N	N
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rc	R	R	R	R	R
advisory_identifier	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305	Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in emlog pro 2.4.1 #305
advisory_url	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305	https://github.com/emlog/emlog/issues/305
source_cve	CVE-2024-12842	CVE-2024-12842	CVE-2024-12842	CVE-2024-12842	CVE-2024-12842
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_au	N	N	N	N	N
cvss2_vuldb_ci	N	N	N	N	N
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	N	N	N	N	N
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_pr	N	N	N	N	N
cvss4_vuldb_vc	N	N	N	N	N
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	N	N	N	N	N
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cve_nvd_summary		A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N	N	N
cvss4_cna_ac		L	L	L	L
cvss4_cna_at		N	N	N	N
cvss4_cna_pr		N	N	N	N
cvss4_cna_ui		N	N	N	N
cvss4_cna_vc		N	N	N	N
cvss4_cna_vi		L	L	L	L
cvss4_cna_va		N	N	N	N
cvss4_cna_sc		N	N	N	N
cvss4_cna_si		N	N	N	N
cvss4_cna_sa		N	N	N	N
cvss4_cna_bscore		6.9	6.9	6.9	6.9
cvss3_cna_av		N	N	N	N
cvss3_cna_ac		L	L	L	L
cvss3_cna_pr		N	N	N	N
cvss3_cna_ui		R	R	R	R
cvss3_cna_s		U	U	U	U
cvss3_cna_c		N	N	N	N
cvss3_cna_i		L	L	L	L
cvss3_cna_a		N	N	N	N
cvss3_cna_basescore		4.3	4.3	4.3	4.3
cvss2_cna_av		N	N	N	N
cvss2_cna_ac		L	L	L	L
cvss2_cna_au		N	N	N	N
cvss2_cna_ci		N	N	N	N
cvss2_cna_ii		P	P	P	P
cvss2_cna_ai		N	N	N	N
cvss2_cna_basescore		5	5	5	5
cve_nvd_summaryes			Se ha detectado una vulnerabilidad en Emlog Pro hasta la versión 2.4.1. Se ha declarado como problemática. Esta vulnerabilidad afecta al código desconocido del archivo /admin/user.php. La manipulación de la palabra clave del argumento provoca cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.	Se ha detectado una vulnerabilidad en Emlog Pro hasta la versión 2.4.1. Se ha declarado como problemática. Esta vulnerabilidad afecta al código desconocido del archivo /admin/user.php. La manipulación de la palabra clave del argumento provoca cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.	Se ha detectado una vulnerabilidad en Emlog Pro hasta la versión 2.4.1. Se ha declarado como problemática. Esta vulnerabilidad afecta al código desconocido del archivo /admin/user.php. La manipulación de la palabra clave del argumento provoca cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss3_nvd_av					N
cvss3_nvd_ac					L
cvss3_nvd_pr					N
cvss3_nvd_ui					R
cvss3_nvd_s					C
cvss3_nvd_c					L
cvss3_nvd_i					L
cvss3_nvd_a					N
cvss3_nvd_basescore					6.1

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you need the next level of professionalism?

Upgrade your account now!