CVE-2022-3968
A vulnerability classified as problematic has been found in emlog. Manipulating the argument tag leads to cross-site scripting.
This finding has been verified with emlog version 1.6.1. emlog is a CMS developed using the Django framework. It is currently maintained by the emlog team. The latest official release of emlog is version 2.2.2. To determine whether an installation of emlog is vulnerable to any issues, it is recommended to patch the software. The recommended patch information is provided below in order to fix the security issue.
emlog version and patch information
Latest release:
emlog version 2.2.2
PATCH IT:
pip install jinja2==2.10
pip install django==1.7
pip install django-compressor==0.9.6
Step 1: Remove emlog from WordPress
In order to patch the software, you will need to remove emlog from your WordPress installation. Note that this step is only necessary for sites with a working installation of WordPress and does not apply to websites which do not use WordPress as their CMS.
Timeline
Published on: 11/13/2022 08:15:00 UTC
Last modified on: 11/17/2022 20:34:00 UTC