Vulnerabilities > Emlog > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-15 | CVE-2020-21321 | Cross-Site Request Forgery (CSRF) vulnerability in Emlog 6.0.0 emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles. | 4.3 |
2021-05-17 | CVE-2020-18194 | Cross-site Scripting vulnerability in Emlog 6.0.0 Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. | 6.1 |
2021-04-29 | CVE-2021-30227 | Cross-site Scripting vulnerability in Emlog 6.0.0 Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0. | 6.1 |
2021-02-08 | CVE-2021-3293 | Unspecified vulnerability in Emlog 5.3.1 emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file. | 5.3 |
2019-10-01 | CVE-2019-17073 | Path Traversal vulnerability in Emlog emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. | 6.5 |