Vulnerabilities > Emlog
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-05 | CVE-2020-19028 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0 *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | 7.5 |
| 2023-04-27 | CVE-2023-30338 | Cross-site Scripting vulnerability in Emlog 2.0.3 Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. | 5.4 |
| 2022-11-13 | CVE-2022-3968 | Cross-site Scripting vulnerability in Emlog A vulnerability has been found in emlog and classified as problematic. | 6.1 |
| 2022-11-03 | CVE-2022-43372 | Cross-site Scripting vulnerability in Emlog 1.7.1 Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. | 4.8 |
| 2022-10-21 | CVE-2022-42189 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 1.6.0 Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. | 7.2 |
| 2022-04-29 | CVE-2022-1526 | Cross-site Scripting vulnerability in Emlog A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. | 5.4 |
| 2022-02-04 | CVE-2022-23379 | SQL Injection vulnerability in Emlog 6.0.0 Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | 7.5 |
| 2022-01-31 | CVE-2022-23872 | Cross-site Scripting vulnerability in Emlog 1.1.1 Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. | 4.8 |
| 2022-01-06 | CVE-2021-44584 | Cross-site Scripting vulnerability in Emlog Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 4.3 |
| 2021-12-14 | CVE-2021-40883 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 5.3.1 A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. | 7.5 |