Vendor CVEs
Emlog
All CVEs
86 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12846 | 0.00 | — | 0.00 | Dec 21, 2024 | A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be… | |||
| CVE-2024-12845 | 0.00 | — | 0.00 | Dec 20, 2024 | A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched… | |||
| CVE-2024-12844 | 0.00 | — | 0.00 | Dec 20, 2024 | A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been… | |||
| CVE-2024-12842 | 0.00 | — | 0.00 | Dec 20, 2024 | A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit… | |||
| CVE-2024-12841 | 0.00 | — | 0.00 | Dec 20, 2024 | A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit… | |||
| CVE-2024-50655 | 0.00 | — | 0.00 | Nov 15, 2024 | emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles. | |||
| CVE-2024-46540 | 0.00 | — | 0.01 | Sep 30, 2024 | A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system privileges. | |||
| CVE-2024-31612 | 0.00 | — | 0.00 | Jun 10, 2024 | Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information. | |||
| CVE-2024-5044 | 0.00 | — | 0.01 | May 17, 2024 | A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The… | |||
| CVE-2024-5043 | 0.00 | — | 0.01 | May 17, 2024 | A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the… | |||
| CVE-2024-3763 | 0.00 | — | 0.00 | Apr 14, 2024 | A vulnerability was found in Emlog Pro 2.2.10. It has been rated as problematic. This issue affects some unknown processing of the file /admin/tag.php of the component Post Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The… | |||
| CVE-2024-31013 | 0.00 | — | 0.00 | Apr 3, 2024 | Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3 allows remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter. | |||
| CVE-2024-25381 | 0.00 | — | 0.00 | Feb 21, 2024 | There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content. | |||
| CVE-2023-41619 | 0.00 | — | 0.00 | Jan 16, 2024 | Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. | |||
| CVE-2023-41623 | 0.00 | — | 0.01 | Dec 12, 2023 | Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. | |||
| CVE-2023-39121 | 0.00 | — | 0.02 | Aug 3, 2023 | emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. | |||
| CVE-2023-37049 | 0.00 | — | 0.01 | Jul 26, 2023 | emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. | |||
| CVE-2020-19028 | 0.00 | — | 0.01 | Jun 5, 2023 | File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | |||
| CVE-2023-30338 | 0.00 | — | 0.00 | Apr 27, 2023 | Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. | |||
| CVE-2022-3968 | 0.00 | — | 0.00 | Nov 13, 2022 | A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name… | |||
| CVE-2022-43372 | 0.00 | — | 0.00 | Nov 3, 2022 | Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. | |||
| CVE-2022-42189 | 0.00 | — | 0.01 | Oct 21, 2022 | Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. | |||
| CVE-2021-40610 | 0.00 | — | 0.00 | Jun 9, 2022 | Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. | |||
| CVE-2022-23379 | 0.00 | — | 0.01 | Feb 4, 2022 | Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | |||
| CVE-2022-23872 | 0.00 | — | 0.01 | Jan 31, 2022 | Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. | |||
| CVE-2021-44584 | 0.00 | — | 0.01 | Jan 6, 2022 | Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||
| CVE-2020-21654 | 0.00 | — | 0.01 | Oct 6, 2021 | emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file. | |||
| CVE-2020-21014 | 0.00 | — | 0.01 | Oct 1, 2021 | emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. | |||
| CVE-2020-21013 | 0.00 | — | 0.01 | Oct 1, 2021 | emlog v6.0.0 contains a SQL injection via /admin/comment.php. | |||
| CVE-2020-21321 | 0.00 | — | 0.01 | Sep 15, 2021 | emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles. | |||
| CVE-2021-30081 | 0.00 | — | 0.01 | May 24, 2021 | An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page. | |||
| CVE-2020-18194 | 0.00 | — | 0.02 | May 17, 2021 | Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. | |||
| CVE-2021-30227 | 0.00 | — | 0.01 | Apr 29, 2021 | Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0. | |||
| CVE-2019-17073 | 0.00 | — | 0.02 | Oct 1, 2019 | emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. | |||
| CVE-2019-16868 | 0.00 | — | 0.03 | Sep 25, 2019 | emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | |||
| CVE-2018-18316 | 0.00 | — | 0.01 | Oct 15, 2018 | emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. |
Page 2 of 2