Stefan Ritt: >> Elog Web Logbook >> 2.6.1 Security Vulnerabilities
Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS).
CVSS Score
4.3
EPSS Score
0.003
Published
2009-09-11
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
CVSS Score
5.0
EPSS Score
0.024
Published
2006-12-28
Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode.
CVSS Score
5.1
EPSS Score
0.014
Published
2006-09-28