Lucene search

VulDBCVELIST:CVE-2022-3968

HistoryNov 13, 2022 - 12:00 a.m.

CVE-2022-3968 emlog article_save.php cross site scripting

2022-11-1300:00:00

CWE-707

VulDB

www.cve.org

emlog

article_save.php

cross site scripting

vulnerability

patch

remote attack

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

26.2%

JSON

A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547.

CNA Affected

[
  {
    "vendor": "unspecified",
    "product": "emlog",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/emlog/emlog/commit/5bf7a79826e0ea09bcc8a21f69a0c74107761a02

vuldb.com/?id.213547

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

26.2%

JSON

Related for CVELIST:CVE-2022-3968