{ "id": "CVE-2022-1526", "sourceIdentifier": "cna@vuldb.com", "published": "2022-04-29T08:15:07.003", "lastModified": "2023-11-07T03:41:59.000", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in Emlog Pro up to 1.2.2. It affects the handling of POST parameters for articles. Manipulating the input leads to cross-site scripting. The attack can be initiated remotely, but the attacker must first sign up and log in. The exploit has been disclosed to the public and may be used." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad, clasificada como problem\u00e1tica, en Emlog Pro versiones hasta 1.2.2. Afecta a la manipulaci\u00f3n del par\u00e1metro POST de los art\u00edculos. La manipulaci\u00f3n con la entrada (script)alert(1);(/script) conlleva a un ataque de tipo cross site scripting. Es posible iniciar el ataque de forma remota, pero requiere un registro y un inicio de sesi\u00f3n por parte del atacante. 
La explotaci\u00f3n ha sido divulgado al p\u00fablico y puede ser usada" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.3, "impactScore": 2.7 }, { "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW" }, "exploitabilityScore": 2.1, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5 }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] }, { "source": "cna@vuldb.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*", 
"versionEndIncluding": "1.2.2", "matchCriteriaId": "921F166B-5771-4291-9A5F-76008F654E08" } ] } ] } ], "references": [ { "url": "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/emlog%3C=pro-1.2.2%20Stored%20Cross-Site%20Scripting%28XSS%29.md", "source": "cna@vuldb.com" }, { "url": "https://vuldb.com/?id.198705", "source": "cna@vuldb.com", "tags": [ "Third Party Advisory" ] } ] }