CVE-2024-13140

Medium CVSS: 5.3

A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Vendor

Emlog

Product

Emlog

CWE

CWE-79

Yayın Tarihi

2025-01-05 12:15:05

Güncelleme

2025-01-10 21:34:19

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Emlog MEDIUM Emlog 2025

Referanslar

https://github.com/emlog/emlog/issues/312 https://github.com/emlog/emlog/issues/312#issue-2758546837 https://vuldb.com/?ctiid.290214 https://vuldb.com/?id.290214 https://vuldb.com/?submit.468753

Benzer Kayıtlar

Unknown

CVE-2026-31954

Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lac…

Critical

CVE-2026-22799

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-a…

Medium

CVE-2026-21432

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can…

High

CVE-2026-21433

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-o…

High

CVE-2026-21430

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cros…

Low

CVE-2026-21431

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `…