Описание
Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site scripting, leads to account takeover. As of time of publication, no known patched versions are available.
Ссылки
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:emlog:emlog:2.5.23:*:*:*:pro:*:*:*
EPSS
Процентиль: 4%
0.00019
Низкий
9.3 Critical
CVSS3
Дефекты
CWE-79
EPSS
Процентиль: 4%
0.00019
Низкий
9.3 Critical
CVSS3
Дефекты
CWE-79