Описание
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to persistent JavaScript execution.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:emlog:emlog:2.5.19:*:*:*:pro:*:*:*
EPSS
Процентиль: 21%
0.00065
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.9
github
4 месяца назад
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to persistent JavaScript execution.
EPSS
Процентиль: 21%
0.00065
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-79