Headline
CVE-2022-3968: fix:tag xss · emlog/emlog@5bf7a79
A vulnerability has been found in emlog and classified as problematic. It affects an unknown functionality of the file admin/article_save.php. Manipulation of the argument tag leads to cross-site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply the patch to fix this issue. The associated identifier of this vulnerability is VDB-213547.
@@ -18,7 +18,7 @@ $title = isset($_POST[‘title’]) ? addslashes(trim($_POST[‘title’])) : '’; $postDate = isset($_POST[‘postdate’]) ? strtotime(trim($_POST[‘postdate’])) : '’; $sort = isset($_POST[‘sort’]) ? (int)$_POST[‘sort’] : -1; $tagstring = isset($_POST[‘tag’]) ? addslashes(trim($_POST[‘tag’])) : '’; $tagstring = isset($_POST[‘tag’]) ? strip_tags(addslashes(trim($_POST[‘tag’]))) : '’; $content = isset($_POST[‘logcontent’]) ? addslashes(trim($_POST[‘logcontent’])) : '’; $excerpt = isset($_POST[‘logexcerpt’]) ? addslashes(trim($_POST[‘logexcerpt’])) : '’; $author = isset($_POST[‘author’]) && User::haveEditPermission() ? (int)trim($_POST[‘author’]) : UID;
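Review bot: strip_tags() on the new $tagstring line filters the tag only at input time and leaves quote characters in place, and the backslashes that addslashes() puts in front of them have no meaning in HTML, so a tag value rendered inside an attribute can still break out of it. I would keep the stored value as submitted and encode it where it is printed, for example with htmlspecialchars($tag, ENT_QUOTES, 'UTF-8'), so the protection does not depend on every write path remembering to filter. The unchanged $title and $excerpt lines in the same hunk still use addslashes(trim(...)) only, so it is worth confirming in this change that both are encoded wherever they are rendered.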