Lucene search

[email protected]NVD:CVE-2024-31612

HistoryJun 10, 2024 - 6:15 p.m.

CVE-2024-31612

2024-06-1018:15:31

CWE-352

[email protected]

web.nvd.nist.gov

emlog pro2.3

csrf

xss

vulnerability

administrator information

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.9%

JSON

Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information.

Affected configurations

Nvd

Node

emlogemlogMatch2.3.0pro

VendorProductVersionCPE
emlogemlog2.3.0cpe:2.3:a:emlog:emlog:2.3.0:*:*:*:pro:*:*:*

Vendor	Product	Version	CPE
emlog	emlog	2.3.0	cpe:2.3:a:emlog:emlog:2.3.0::::pro:::

References

github.com/ss122-0ss/cms/blob/main/emlog-csrf.md

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.9%

JSON

Related for NVD:CVE-2024-31612

cve1 vulnrichment1 osv1 cvelist1