Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
References
Link | Resource |
---|---|
https://github.com/emlog/emlog/commit/3f89610f721120ded3ff491cb9cd99d9927c7582 | Patch Third Party Advisory |
https://github.com/emlog/emlog/issues/113 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
History
12 Jan 2022, 14:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Emlog
Emlog emlog |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CPE | cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:* | |
CWE | CWE-79 | |
References | (MISC) https://github.com/emlog/emlog/commit/3f89610f721120ded3ff491cb9cd99d9927c7582 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/emlog/emlog/issues/113 - Exploit, Issue Tracking, Patch, Third Party Advisory |
06 Jan 2022, 13:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-06 13:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-44584
Mitre link : CVE-2021-44584
CVE.ORG link : CVE-2021-44584
JSON object : View
Products Affected
emlog
- emlog
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')