Vulnerabilities > Emlog > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-10 | CVE-2024-31612 | Cross-Site Request Forgery (CSRF) vulnerability in Emlog 2.3.0 Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information. | 6.5 |
| 2024-01-16 | CVE-2023-41619 | Cross-site Scripting vulnerability in Emlog 2.1.14 Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. | 6.1 |
| 2023-12-14 | CVE-2023-41618 | Cross-site Scripting vulnerability in Emlog 2.1.14 Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. | 6.1 |
| 2023-12-13 | CVE-2023-41621 | Cross-site Scripting vulnerability in Emlog 2.1.14 A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. | 6.1 |
| 2023-10-02 | CVE-2023-43267 | Cross-site Scripting vulnerability in Emlog 2.1.14 A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | 5.4 |
| 2023-07-26 | CVE-2023-37049 | Missing Authorization vulnerability in Emlog 2.1.9 emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. | 6.5 |
| 2023-04-27 | CVE-2023-30338 | Cross-site Scripting vulnerability in Emlog 2.0.3 Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. | 5.4 |
| 2022-11-13 | CVE-2022-3968 | Cross-site Scripting vulnerability in Emlog A vulnerability has been found in emlog and classified as problematic. | 6.1 |
| 2022-11-03 | CVE-2022-43372 | Cross-site Scripting vulnerability in Emlog 1.7.1 Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. | 4.8 |
| 2022-04-29 | CVE-2022-1526 | Cross-site Scripting vulnerability in Emlog A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. | 5.4 |