CVE-2024-12843

4.3 MEDIUM

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in Emlog Pro's admin plugin management interface. Attackers can inject malicious scripts via the 'filter' parameter in /admin/plugin.php, potentially compromising admin sessions. Only Emlog Pro installations up to version 2.4.1 are affected.

💻 Affected Systems

Products:
  • Emlog Pro
Versions: up to 2.4.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to exploit, but admin interface is typically internet-facing

⚠️ Risk & Real-World Impact

🔴 Worst Case

Admin account takeover leading to complete website compromise, data theft, or malware distribution to visitors

🟠 Likely Case

Session hijacking of admin users, unauthorized plugin management, or defacement

🟢 If Mitigated

Limited impact if admin users have strong session security and browsers have XSS protection enabled

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin authentication but XSS payloads are simple to craft

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.2 or later

Vendor Advisory: https://github.com/emlog/emlog/issues/305

Restart Required: No

Instructions:

1. Back up your Emlog installation and database.
2. Download the latest version from the official source.
3. Replace all files except config.php and the uploads directory.
4. Clear browser cache and cookies.

🔧 Temporary Workarounds

Input Sanitization (Platforms: all)

Add input validation for the filter parameter in plugin.php.

Edit /admin/plugin.php and sanitize $_GET['filter'] with htmlspecialchars() before it is output.

Content Security Policy (Platforms: all)

Implement CSP headers to mitigate XSS impact.

Add a "Content-Security-Policy: default-src 'self'" header in .htaccess or the server config. A policy this strict also blocks inline scripts, so confirm the admin UI still works after enabling it.

🧯 If You Can't Patch

  • Restrict admin access to trusted IP addresses only
  • Implement Web Application Firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check if Emlog version is 2.4.1 or earlier and /admin/plugin.php exists

Check Version:

Check emlog_version in database or view admin dashboard footer

Verify Fix Applied:

After updating, request /admin/plugin.php with a test value in the filter parameter; the response should show it HTML-encoded rather than reflected as markup.

📡 Detection & Monitoring

Log Indicators:

  • Unusual filter parameter values in access logs
  • Multiple failed admin login attempts followed by plugin.php access

Network Indicators:

  • HTTP requests to /admin/plugin.php with script tags in parameters
  • Outbound connections to suspicious domains after admin login

SIEM Query:

source="web_access.log" AND uri="/admin/plugin.php" AND param="filter" AND (value CONTAINS "<script>" OR value CONTAINS "javascript:")
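The SIEM query above matches literal strings only. As an added example (not from this advisory or the Emlog project), the script below applies the same indicators to combined-format access logs, but first decodes the filter value, including double percent-encoding, so encoded variants are not missed. The log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined format), not real traffic.
# Lines 3 and 5 hide the same indicator behind one and two layers of URL encoding.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:01 +0000] "GET /admin/plugin.php?filter=markdown HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /admin/plugin.php?filter=<script>x</script> HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /admin/plugin.php?filter=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "GET /admin/plugin.php?filter=javascript%3Avoid(0) HTTP/1.1" 200 512
203.0.113.4 - - [01/Jan/2025:10:00:05 +0000] "GET /admin/plugin.php?filter=%253Cscript%253E HTTP/1.1" 200 512
203.0.113.8 - - [01/Jan/2025:10:00:06 +0000] "GET /index.php?filter=<script> HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

# Signatures mirror the advisory's indicators; matching runs on the decoded value.
SUSPICIOUS = re.compile(r'<\s*script|javascript\s*:', re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so %253C (double-encoded <) is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_filter_requests(log_text):
    """Return (ip, timestamp, decoded filter value) for risky requests to /admin/plugin.php."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != "/admin/plugin.php":
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get("filter", []):
            value = decode_fully(raw)  # parse_qs already removed one encoding layer
            if SUSPICIOUS.search(value):
                hits.append((m.group("ip"), m.group("ts"), value))
    return hits

if __name__ == "__main__":
    for ip, ts, value in suspicious_filter_requests(SAMPLE_LOG):
        print(f"{ts} {ip} filter={value!r}")
```

Requests to other paths and benign filter values are ignored; only the four flagged sample lines are reported.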
