CVE-2024-25381
MEDIUMemlog 2.2.8 - Stored Cross-Site Scripting in Article Publishing
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2024-25381. PoCs published by m0b1u3, OoO7ce.
Description
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
Exploits (2)
References (2)
Core 2
Core References
Third Party Advisory
https://github.com/Ox130e07d/CVE-2024-25381/blob/main/description
Exploit, Issue Tracking, Third Party Advisory
https://github.com/emlog/emlog/issues/285
Scores
CVSS v3
6.1
EPSS
0.0038
EPSS Percentile
29.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
emlog/emlog
2.2.8
Published
Feb 21, 2024
Tracked Since
Feb 18, 2026