2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
78.6%
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG
2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web
script via (1) the filename for downloading, which is not quoted in an
error message by the send_file_direct function, and (2) the Type or
Category values in a New entry, which is not properly handled in an error
message by the submit_elog function.