CVE-2024-13140
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-13140 is a newly disclosed vulnerability affecting Emlog Pro versions up to 2.4.3. This issue lies within the Cover Upload Handler component and specifically the /admin/article.php?action=upload_cover file. The vulnerability is categorized as a cross-site scripting (XSS) flaw, enabling an attacker to inject malicious scripts through the manipulation of the 'image' argument. Remote exploitation is possible, increasing the potential threat to websites utilizing this software. Public disclosure of the exploit heightens the urgency for affected organizations to apply patches or workarounds to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Emlog
Affected Vendors
- EM Log