CVE-2019-20375

Name of the Vulnerable Software and Affected Versions ELOG version 3.1.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c.

Recommendations For ELOG version 3.1.4, update to a version that fixes this issue, as using the value parameter in the localization command poses a risk of code injection. As a temporary workaround, consider restricting access to the localization command until a patch is available.