CVE-2024-3762

A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/twitter.php of the component Whisper Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

No configuration.

History

21 Nov 2024, 09:30

Type Values Removed Values Added
References () https://github.com/fubxx/CVE/blob/main/Emlog-XSS.md - () https://github.com/fubxx/CVE/blob/main/Emlog-XSS.md -
References () https://vuldb.com/?ctiid.260602 - () https://vuldb.com/?ctiid.260602 -
References () https://vuldb.com/?id.260602 - () https://vuldb.com/?id.260602 -
References () https://vuldb.com/?submit.311793 - () https://vuldb.com/?submit.311793 -

15 Apr 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Emlog Pro 2.2.10. Ha sido declarada problemática. Esta vulnerabilidad afecta a un código desconocido del archivo /admin/twitter.php del componente Whisper Page. La manipulación conduce a cross-site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-260602 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

14 Apr 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-14 22:15

Updated : 2024-11-21 09:30


NVD link : CVE-2024-3762

Mitre link : CVE-2024-3762

CVE.ORG link : CVE-2024-3762


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')