CVE-2022-23872

Name of the Vulnerable Software and Affected Versions Emlog pro version 1.1.1

Description A stored cross-site scripting (XSS) issue was found in the /admin/configure.php component via the footer info parameter. This allows for malicious script execution when a user views the affected page.

Recommendations For Emlog pro version 1.1.1, as a temporary workaround, consider restricting access to the /admin/configure.php component until a patch is available. Avoid using the footer info parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.