A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Fri, 20 Dec 2024 20:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 5.0, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}


cve-icon MITRE

No data.

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2024-12-20T20:15:21.880

Modified: 2024-12-20T20:15:21.880

Link: CVE-2024-12842

cve-icon Redhat

No data.