CVE-2024-12841

4.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into Emlog Pro blog management systems through the tag.php admin interface. Remote attackers can execute cross-site scripting attacks that may compromise administrator sessions or deface websites. All Emlog Pro installations up to version 2.4.1 are affected.

💻 Affected Systems

Products:
  • Emlog Pro
Versions: Up to and including 2.4.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations whose admin panel is reachable; exploitation requires admin privileges

⚠️ Risk & Real-World Impact

🔴 Worst Case: Administrator account takeover leading to complete blog compromise, data theft, or malware distribution to visitors

🟠 Likely Case: Session hijacking of admin users, website defacement, or credential theft through phishing

🟢 If Mitigated: Limited to non-persistent XSS affecting only users who interact with malicious tag inputs

🌐 Internet-Facing: MEDIUM - Attack requires admin panel access but can be exploited remotely
🏢 Internal Only: LOW - Requires authenticated admin access, reducing attack surface

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details publicly disclosed; requires admin authentication but simple to execute

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.2 or later

Vendor Advisory: https://github.com/emlog/emlog/issues/305

Restart Required: No

Instructions:

1. Back up your Emlog Pro installation and database.
2. Download the latest version from the official repository.
3. Replace all files except config.php and the uploads directory.
4. Run the update script if one is provided.

🔧 Temporary Workarounds

Input Sanitization (Platform: all)

Add custom input validation for the keyword parameter in tag.php.

Edit /admin/tag.php and apply htmlspecialchars() or similar sanitization to the keyword parameter before it is rendered.

Access Restriction (Platform: linux)

Restrict admin panel access to trusted IP addresses only.

Add IP whitelist rules to .htaccess or the web server configuration for the /admin/ directory.

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to mitigate XSS impact
  • Require multi-factor authentication for all admin accounts

🔍 How to Verify

Check if Vulnerable:

Check if Emlog Pro version is 2.4.1 or earlier and review /admin/tag.php for proper input sanitization

Check Version:

Check emlog_version in database or view footer in admin panel

Verify Fix Applied:

Verify the version is 2.4.2 or later and confirm that test input in the tag keyword field is rendered encoded rather than executed

📡 Detection & Monitoring

Log Indicators:

  • Unusual tag creation/modification patterns
  • Admin panel access from suspicious IPs
  • JavaScript payloads in URL parameters

Network Indicators:

  • POST requests to /admin/tag.php with script tags in parameters
  • Unusual outbound connections from admin sessions

SIEM Query:

source="web_logs" AND (url="/admin/tag.php" AND (param="keyword" CONTAINS "<script>" OR param="keyword" CONTAINS "javascript:"))
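The query above matches literal strings, so depending on the platform it may not catch URL-encoded or mixed-case variants. As an added illustration (not part of this advisory), the following Python script applies the same two indicators to web-server access-log lines after decoding the keyword parameter; the log lines, addresses and usernames are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines in combined log format (not real traffic).
SAMPLE_LOGS = [
    '203.0.113.5 - admin [10/Jan/2025:10:00:01 +0000] "GET /admin/tag.php?keyword=security HTTP/1.1" 200 512',
    '203.0.113.5 - admin [10/Jan/2025:10:00:09 +0000] "GET /admin/tag.php?keyword=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '198.51.100.7 - admin [10/Jan/2025:10:01:30 +0000] "POST /admin/tag.php?keyword=JaVaScRiPt%3Aalert(1) HTTP/1.1" 302 0',
    '198.51.100.7 - admin [10/Jan/2025:10:02:00 +0000] "GET /admin/post.php?keyword=%3Cscript%3E HTTP/1.1" 200 100',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# The two indicators from the SIEM query, matched case-insensitively
# after URL decoding so encoded variants are not missed.
PAYLOAD_RE = re.compile(r'<\s*script|javascript\s*:', re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding (catches double encoding)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_tag_xss(lines):
    """Return (ip, user, method, decoded_keyword) for each suspicious hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m['target'])
        if parts.path != '/admin/tag.php':
            continue
        # parse_qsl already removes one layer of URL encoding
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == 'keyword':
                decoded = decode_fully(value)
                if PAYLOAD_RE.search(decoded):
                    hits.append((m['ip'], m['user'], m['method'], decoded))
    return hits

if __name__ == '__main__':
    for hit in flag_tag_xss(SAMPLE_LOGS):
        print('ALERT', *hit)
```

Requests to other admin scripts are ignored, so pair this with the tag creation/modification indicators above if the path filter is too narrow for your deployment.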
