Vulnerabilities > Emlog > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-31 CVE-2022-23872 Cross-site Scripting vulnerability in Emlog 1.1.1
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
network
low complexity
emlog CWE-79
4.8
4.8
2022-01-06 CVE-2021-44584 Cross-site Scripting vulnerability in Emlog
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
network
emlog CWE-79
4.3
4.3
2021-10-06 CVE-2020-21654 Unspecified vulnerability in Emlog 6.0.0
emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file.
network
low complexity
emlog
6.5
6.5
2021-10-01 CVE-2020-21013 SQL Injection vulnerability in Emlog 6.0.0
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
network
low complexity
emlog CWE-89
6.5
6.5
2021-10-01 CVE-2020-21014 Unspecified vulnerability in Emlog 6.0.0
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
network
low complexity
emlog
5.5
5.5
2021-09-15 CVE-2020-21321 Cross-Site Request Forgery (CSRF) vulnerability in Emlog 6.0.0
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
network
emlog CWE-352
4.3
4.3
2021-05-24 CVE-2021-30081 SQL Injection vulnerability in Emlog 6.0.0
An issue was discovered in emlog 6.0.0stable.
network
low complexity
emlog CWE-89
6.5
6.5
2021-05-17 CVE-2020-18194 Cross-site Scripting vulnerability in Emlog 6.0.0
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
network
emlog CWE-79
4.3
4.3
2021-04-29 CVE-2021-30227 Cross-site Scripting vulnerability in Emlog 6.0.0
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.
network
emlog CWE-79
4.3
4.3
2021-02-08 CVE-2021-3293 Unspecified vulnerability in Emlog 5.3.1
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
network
low complexity
emlog
5.3
5.3