CVE-2024-12841 MEDIUM

CVE-2024-12841: Emlog Pro tag.php cross site scripting

Vendor N/A
Product Emlog Pro
Weakness CWE-79 · XSS
Published December 20, 2024
Last update December 24, 2024
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

December 20, 2024 CVE published
December 24, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-25331 WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability CVE-2025-0193 Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series CVE-2025-8686 WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode CVE-2016-20066 WordPress CP Polls 1.0.8 Persistent Cross-Site Scripting CVE-2025-40695 Cross Site Scripting in PHPGurukul Online Fire Reporting System