CVE-2022-1526

Name of the Vulnerable Software and Affected Versions Emlog Pro versions up to 1.2.2

Description A problematic issue was found in the POST parameter handling of articles, allowing for cross-site scripting when an attacker manipulates the input with malicious scripts, such as <script>alert(1);</script>. The attack can be initiated remotely, but it requires the attacker to sign up and log in. The exploit has been publicly disclosed.

Recommendations For Emlog Pro versions up to 1.2.2, as a temporary workaround, consider restricting access to the article posting feature until a patch is available. Avoid using the vulnerable POST parameter handling of articles until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.