CVE-2024-13140

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-13140
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-13140.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-13140
Published
2025-01-05T12:15:05Z
Modified
2025-01-11T08:50:52.222295Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/emlog/emlog

Affected ranges

Type
GIT
Repo
https://github.com/emlog/emlog
Events

Affected versions

pro-2.*

pro-2.4.0
pro-2.4.1
pro-2.4.2
pro-2.4.3