Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ELOG file upload stored XSS
Vulnerability Description
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
ELog 安全漏洞
Vulnerability Description
ELog是Stefan Ritt个人开发者的一款有Web界面的电子日志软件。 ELog 3.1.5版本至20251014版本存在安全漏洞,该漏洞源于允许经过身份验证的用户上传任意HTML文件,可能导致跨站脚本攻击和凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A