CVE-2024-13140

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 5, 2025
Updated: Jan 10, 2025
CWE ID 94
CWE ID 79

Summary

CVE-2024-13140 is a newly disclosed vulnerability affecting Emlog Pro versions up to 2.4.3. This issue lies within the Cover Upload Handler component and specifically the /admin/article.php?action=upload_cover file. The vulnerability is categorized as a cross-site scripting (XSS) flaw, enabling an attacker to inject malicious scripts through the manipulation of the 'image' argument. Remote exploitation is possible, increasing the potential threat to websites utilizing this software. Public disclosure of the exploit heightens the urgency for affected organizations to apply patches or workarounds to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share