PT-2024-17762 · Emlog Pro · Emlog Pro

Hebing123 · Published 2024-12-20 · Updated 2025-01-07 · CVE-2024-12843

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Emlog Pro versions up to 2.4.1

Description

A problem has been found in Emlog Pro that affects unspecified processing in the file /admin/plugin.php. Manipulation of the argument filter leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For Emlog Pro versions up to 2.4.1, consider disabling access to the /admin/plugin.php file until a patch is available. As a temporary workaround, restrict manipulation of the argument filter to minimize the risk of cross-site scripting. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-12843

Affected Products

Emlog Pro