CVE-2023-43267

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions emlog pro version 2.1.14

Description A cross-site scripting (XSS) issue in the publish article function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field.

Recommendations For emlog pro version 2.1.14, consider disabling the publish article function until a patch is available to prevent exploitation of this issue. Restrict access to the title field in the publish article function to minimize the risk of arbitrary web script or HTML execution.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-43267

Affected Products

Emlog Pro

CVE-2023-43267

Weakness Enumeration

Related Identifiers

Affected Products

References · 6