CNNVD-202510-4404 Information

CNNVD ID

CNNVD-202510-4404

Related CVE

CVE-2025-62618

• CNNVD Published: 2025-10-31

Description (Chinese)

ELog是Stefan Ritt个人开发者的一款有Web界面的电子日志软件。 ELog 3.1.5版本至20251014版本存在安全漏洞，该漏洞源于允许经过身份验证的用户上传任意HTML文件，可能导致跨站脚本攻击和凭据泄露。

Description (English)

ELog is Stefan Ritt’s personal developer of an electronic log software with a Web interface. ELog 3.1.5 to 20251014 contains a security loophole, which arises from allowing the uploading of any HTML document by an identified user, which may result in a cross-site scrip attack and a leak of evidence.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-10-31

Last Modified

2026-02-24

References

https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946 https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dc https://elog.psi.ch/elog/download/RPMS/?C=M;O=D https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.json https://www.cve.org/CVERecord?id=CVE-2025-62618