Vulnerabilities > Emlog > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2020-21321 Cross-Site Request Forgery (CSRF) vulnerability in Emlog 6.0.0
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
network
low complexity
emlog CWE-352
4.3
2021-05-17 CVE-2020-18194 Cross-site Scripting vulnerability in Emlog 6.0.0
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
network
low complexity
emlog CWE-79
6.1
2021-04-29 CVE-2021-30227 Cross-site Scripting vulnerability in Emlog 6.0.0
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.
network
low complexity
emlog CWE-79
6.1
2021-02-08 CVE-2021-3293 Unspecified vulnerability in Emlog 5.3.1
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
network
low complexity
emlog
5.3
2019-10-01 CVE-2019-17073 Path Traversal vulnerability in Emlog
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.
network
low complexity
emlog CWE-22
6.5