Vulnerabilities > Emlog

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-50655 Cross-site Scripting vulnerability in Emlog
emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles.
network
low complexity
emlog CWE-79
5.4
2024-06-10 CVE-2024-31612 Cross-Site Request Forgery (CSRF) vulnerability in Emlog 2.3.0
Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information.
network
low complexity
emlog CWE-352
6.5
2024-01-16 CVE-2023-41619 Cross-site Scripting vulnerability in Emlog 2.1.14
Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write.
network
low complexity
emlog CWE-79
6.1
2023-12-14 CVE-2023-41618 Cross-site Scripting vulnerability in Emlog 2.1.14
Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.
network
low complexity
emlog CWE-79
6.1
2023-12-13 CVE-2023-41621 Cross-site Scripting vulnerability in Emlog 2.1.14
A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.
network
low complexity
emlog CWE-79
6.1
2023-12-12 CVE-2023-41623 SQL Injection vulnerability in Emlog 2.1.14
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
network
low complexity
emlog CWE-89
7.2
2023-10-03 CVE-2023-44973 Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0
An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
low complexity
emlog CWE-434
critical
9.8
2023-10-03 CVE-2023-44974 Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0
An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
low complexity
emlog CWE-434
critical
9.8
2023-10-02 CVE-2023-43267 Cross-site Scripting vulnerability in Emlog 2.1.14
A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field.
network
low complexity
emlog CWE-79
5.4
2023-09-27 CVE-2023-43291 Deserialization of Untrusted Data vulnerability in Emlog
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component.
network
low complexity
emlog CWE-502
critical
9.8