
15 vulnerabilities found for ELOG by ELOG

CVE-2025-64349 (GCVE-0-2025-64349)

Vulnerability from cvelistv5 – Published: 2025-10-31 18:31 – Updated: 2025-12-02 14:55
Title
ELOG user profile missing authorization
Summary
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration.
CWE
  • CWE-862 - Missing Authorization
Assigner
Impacted products
Vendor Product Version
ELOG ELOG Affected: *
Credits
Karl Meister, CISA

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64349",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T14:54:30.965381Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T14:55:52.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "ELOG",
          "vendor": "ELOG",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Karl Meister, CISA"
        }
      ],
      "datePublic": "2025-10-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ELOG allows an authenticated user to modify another user\u0027s profile. An attacker can edit a target user\u0027s email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2025-64349",
              "options": [
                {
                  "Exploitation": "poc"
                },
                {
                  "Automatable": "no"
                },
                {
                  "Technical Impact": "total"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2025-10-24T18:40:12.634881Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-31T18:31:42.904Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946"
        },
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dc"
        },
        {
          "name": "url",
          "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.json"
        },
        {
          "name": "url",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64349"
        }
      ],
      "title": "ELOG user profile missing authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2025-64349",
    "datePublished": "2025-10-31T18:31:42.904Z",
    "dateReserved": "2025-10-30T20:40:39.301Z",
    "dateUpdated": "2025-12-02T14:55:52.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64348 (GCVE-0-2025-64348)

Vulnerability from cvelistv5 – Published: 2025-10-31 18:31 – Updated: 2025-11-04 15:58
Title
ELOG configuration file authorization bypass
Summary
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration.
CWE
  • CWE-862 - Missing Authorization
Assigner
Impacted products
Vendor Product Version
ELOG ELOG Affected: *
Credits
Karl Meister, CISA

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64348",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T15:58:39.472366Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T15:58:49.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "ELOG",
          "vendor": "ELOG",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Karl Meister, CISA"
        }
      ],
      "datePublic": "2025-10-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the \"-x\" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedSubAvailabilityImpact": "HIGH",
            "modifiedSubConfidentialityImpact": "HIGH",
            "modifiedSubIntegrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/MPR:N/MSC:H/MSI:H/MSA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2025-64348",
              "options": [
                {
                  "Exploitation": "none"
                },
                {
                  "Automatable": "no"
                },
                {
                  "Technical Impact": "partial"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2025-10-23T16:12:37.368789Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-31T18:31:21.412Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dc"
        },
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946"
        },
        {
          "name": "url",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64348"
        },
        {
          "name": "url",
          "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.json"
        }
      ],
      "title": "ELOG configuration file authorization bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2025-64348",
    "datePublished": "2025-10-31T18:31:21.412Z",
    "dateReserved": "2025-10-30T20:40:29.749Z",
    "dateUpdated": "2025-11-04T15:58:49.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62618 (GCVE-0-2025-62618)

Vulnerability from cvelistv5 – Published: 2025-10-31 18:31 – Updated: 2025-11-04 15:58
Title
ELOG file upload stored XSS
Summary
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text.
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-836 - Use of Password Hash Instead of Password for Authentication
Assigner
Impacted products
Vendor Product Version
ELOG ELOG Affected: 0 , < 3.1.5-20251014 (custom)
Unaffected: 3.1.5-20251014
Credits
Karl Meister, CISA

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62618",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T15:57:52.513765Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T15:58:06.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ELOG",
          "vendor": "ELOG",
          "versions": [
            {
              "lessThan": "3.1.5-20251014",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "3.1.5-20251014"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Karl Meister, CISA"
        }
      ],
      "datePublic": "2025-10-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target\u0027s credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2025-62618",
              "options": [
                {
                  "Exploitation": "none"
                },
                {
                  "Automatable": "no"
                },
                {
                  "Technical Impact": "total"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2025-10-24T19:27:08.218893Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-836",
              "description": "CWE-836 Use of Password Hash Instead of Password for Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-31T18:31:06.652Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dc"
        },
        {
          "name": "url",
          "url": "https://elog.psi.ch/elog/download/RPMS/?C=M;O=D"
        },
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946"
        },
        {
          "name": "url",
          "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.json"
        },
        {
          "name": "url",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62618"
        }
      ],
      "title": "ELOG file upload stored XSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2025-62618",
    "datePublished": "2025-10-31T18:31:06.652Z",
    "dateReserved": "2025-10-16T19:38:59.151Z",
    "dateUpdated": "2025-11-04T15:58:06.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2008-7004 (GCVE-0-2008-7004)

Vulnerability from cvelistv5 – Published: 2009-08-19 10:00 – Updated: 2024-08-07 11:49
Summary
Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:49:02.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://midas.psi.ch/elog/download/ChangeLog"
          },
          {
            "name": "ADV-2008-0265",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0265"
          },
          {
            "name": "elog-elogc-bo(39903)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39903"
          },
          {
            "name": "41684",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/41684"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://midas.psi.ch/elog/download/ChangeLog"
        },
        {
          "name": "ADV-2008-0265",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0265"
        },
        {
          "name": "elog-elogc-bo(39903)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39903"
        },
        {
          "name": "41684",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/41684"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://midas.psi.ch/elog/download/ChangeLog",
              "refsource": "CONFIRM",
              "url": "https://midas.psi.ch/elog/download/ChangeLog"
            },
            {
              "name": "ADV-2008-0265",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0265"
            },
            {
              "name": "elog-elogc-bo(39903)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39903"
            },
            {
              "name": "41684",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/41684"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7004",
    "datePublished": "2009-08-19T10:00:00",
    "dateReserved": "2009-08-18T00:00:00",
    "dateUpdated": "2024-08-07T11:49:02.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0445 (GCVE-0-2008-0445)

Vulnerability from cvelistv5 – Published: 2008-01-24 23:00 – Updated: 2024-08-07 07:46
Summary
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/28589 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2008/0265 (vdb-entry, x_refsource_VUPEN)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39824 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/27399 (vdb-entry, x_refsource_BID)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28589",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28589"
          },
          {
            "name": "ADV-2008-0265",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0265"
          },
          {
            "name": "elog-elogd-logbook-dos(39824)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39824"
          },
          {
            "name": "27399",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27399"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28589",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28589"
        },
        {
          "name": "ADV-2008-0265",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0265"
        },
        {
          "name": "elog-elogd-logbook-dos(39824)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39824"
        },
        {
          "name": "27399",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27399"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0445",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28589",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28589"
            },
            {
              "name": "ADV-2008-0265",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0265"
            },
            {
              "name": "elog-elogd-logbook-dos(39824)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39824"
            },
            {
              "name": "27399",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27399"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0445",
    "datePublished": "2008-01-24T23:00:00",
    "dateReserved": "2008-01-24T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0444 (GCVE-0-2008-0444)

Vulnerability from cvelistv5 – Published: 2008-01-24 23:00 – Updated: 2024-08-07 07:46
Summary
Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/28589 third-party-advisory x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0265 vdb-entry x_refsource_VUPEN
http://osvdb.org/41681 vdb-entry x_refsource_OSVDB
http://midas.psi.ch/elog/download/ChangeLog x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/39828 vdb-entry x_refsource_XF
http://www.securityfocus.com/bid/27399 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28589",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28589"
          },
          {
            "name": "ADV-2008-0265",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0265"
          },
          {
            "name": "41681",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://midas.psi.ch/elog/download/ChangeLog"
          },
          {
            "name": "elog-subtext-xss(39828)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39828"
          },
          {
            "name": "27399",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27399"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28589",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28589"
        },
        {
          "name": "ADV-2008-0265",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0265"
        },
        {
          "name": "41681",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://midas.psi.ch/elog/download/ChangeLog"
        },
        {
          "name": "elog-subtext-xss(39828)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39828"
        },
        {
          "name": "27399",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27399"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0444",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28589",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28589"
            },
            {
              "name": "ADV-2008-0265",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0265"
            },
            {
              "name": "41681",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41681"
            },
            {
              "name": "http://midas.psi.ch/elog/download/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://midas.psi.ch/elog/download/ChangeLog"
            },
            {
              "name": "elog-subtext-xss(39828)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39828"
            },
            {
              "name": "27399",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27399"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0444",
    "datePublished": "2008-01-24T23:00:00",
    "dateReserved": "2008-01-24T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-64349 (GCVE-0-2025-64349)

Vulnerability from nvd – Published: 2025-10-31 18:31 – Updated: 2025-12-02 14:55
Title
ELOG user profile missing authorization
Summary
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration.
CWE
  • CWE-862 - Missing Authorization
Assigner
Impacted products
Vendor Product Version
ELOG ELOG Affected: *
Credits
Karl Meister, CISA

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64349",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T14:54:30.965381Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T14:55:52.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "ELOG",
          "vendor": "ELOG",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Karl Meister, CISA"
        }
      ],
      "datePublic": "2025-10-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ELOG allows an authenticated user to modify another user\u0027s profile. An attacker can edit a target user\u0027s email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2025-64349",
              "options": [
                {
                  "Exploitation": "poc"
                },
                {
                  "Automatable": "no"
                },
                {
                  "Technical Impact": "total"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2025-10-24T18:40:12.634881Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-31T18:31:42.904Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946"
        },
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dc"
        },
        {
          "name": "url",
          "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.json"
        },
        {
          "name": "url",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64349"
        }
      ],
      "title": "ELOG user profile missing authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2025-64349",
    "datePublished": "2025-10-31T18:31:42.904Z",
    "dateReserved": "2025-10-30T20:40:39.301Z",
    "dateUpdated": "2025-12-02T14:55:52.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64348 (GCVE-0-2025-64348)

Vulnerability from nvd – Published: 2025-10-31 18:31 – Updated: 2025-11-04 15:58
Title
ELOG configuration file authorization bypass
Summary
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration.
CWE
  • CWE-862 - Missing Authorization
Assigner
Impacted products
Vendor Product Version
ELOG ELOG Affected: *
Credits
Karl Meister, CISA

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64348",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T15:58:39.472366Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T15:58:49.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "ELOG",
          "vendor": "ELOG",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Karl Meister, CISA"
        }
      ],
      "datePublic": "2025-10-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the \"-x\" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedSubAvailabilityImpact": "HIGH",
            "modifiedSubConfidentialityImpact": "HIGH",
            "modifiedSubIntegrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/MPR:N/MSC:H/MSI:H/MSA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2025-64348",
              "options": [
                {
                  "Exploitation": "none"
                },
                {
                  "Automatable": "no"
                },
                {
                  "Technical Impact": "partial"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2025-10-23T16:12:37.368789Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-31T18:31:21.412Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dc"
        },
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946"
        },
        {
          "name": "url",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64348"
        },
        {
          "name": "url",
          "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.json"
        }
      ],
      "title": "ELOG configuration file authorization bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2025-64348",
    "datePublished": "2025-10-31T18:31:21.412Z",
    "dateReserved": "2025-10-30T20:40:29.749Z",
    "dateUpdated": "2025-11-04T15:58:49.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62618 (GCVE-0-2025-62618)

Vulnerability from nvd – Published: 2025-10-31 18:31 – Updated: 2025-11-04 15:58
Title
ELOG file upload stored XSS
Summary
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text.
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-836 - Use of Password Hash Instead of Password for Authentication
Assigner
Impacted products
Vendor Product Version
ELOG ELOG Affected: 0 , < 3.1.5-20251014 (custom)
Unaffected: 3.1.5-20251014
Credits
Karl Meister, CISA

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62618",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T15:57:52.513765Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T15:58:06.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ELOG",
          "vendor": "ELOG",
          "versions": [
            {
              "lessThan": "3.1.5-20251014",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "3.1.5-20251014"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Karl Meister, CISA"
        }
      ],
      "datePublic": "2025-10-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target\u0027s credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2025-62618",
              "options": [
                {
                  "Exploitation": "none"
                },
                {
                  "Automatable": "no"
                },
                {
                  "Technical Impact": "total"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2025-10-24T19:27:08.218893Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-836",
              "description": "CWE-836 Use of Password Hash Instead of Password for Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-31T18:31:06.652Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dc"
        },
        {
          "name": "url",
          "url": "https://elog.psi.ch/elog/download/RPMS/?C=M;O=D"
        },
        {
          "name": "url",
          "url": "https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946"
        },
        {
          "name": "url",
          "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.json"
        },
        {
          "name": "url",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62618"
        }
      ],
      "title": "ELOG file upload stored XSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2025-62618",
    "datePublished": "2025-10-31T18:31:06.652Z",
    "dateReserved": "2025-10-16T19:38:59.151Z",
    "dateUpdated": "2025-11-04T15:58:06.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2008-7004 (GCVE-0-2008-7004)

Vulnerability from nvd – Published: 2009-08-19 10:00 – Updated: 2024-08-07 11:49
Summary
Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:49:02.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://midas.psi.ch/elog/download/ChangeLog"
          },
          {
            "name": "ADV-2008-0265",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0265"
          },
          {
            "name": "elog-elogc-bo(39903)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39903"
          },
          {
            "name": "41684",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/41684"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://midas.psi.ch/elog/download/ChangeLog"
        },
        {
          "name": "ADV-2008-0265",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0265"
        },
        {
          "name": "elog-elogc-bo(39903)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39903"
        },
        {
          "name": "41684",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/41684"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://midas.psi.ch/elog/download/ChangeLog",
              "refsource": "CONFIRM",
              "url": "https://midas.psi.ch/elog/download/ChangeLog"
            },
            {
              "name": "ADV-2008-0265",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0265"
            },
            {
              "name": "elog-elogc-bo(39903)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39903"
            },
            {
              "name": "41684",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/41684"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7004",
    "datePublished": "2009-08-19T10:00:00",
    "dateReserved": "2009-08-18T00:00:00",
    "dateUpdated": "2024-08-07T11:49:02.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0445 (GCVE-0-2008-0445)

Vulnerability from nvd – Published: 2008-01-24 23:00 – Updated: 2024-08-07 07:46
Summary
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner: mitre
References
http://secunia.com/advisories/28589 third-party-advisory x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0265 vdb-entry x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/39824 vdb-entry x_refsource_XF
http://www.securityfocus.com/bid/27399 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28589",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28589"
          },
          {
            "name": "ADV-2008-0265",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0265"
          },
          {
            "name": "elog-elogd-logbook-dos(39824)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39824"
          },
          {
            "name": "27399",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27399"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28589",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28589"
        },
        {
          "name": "ADV-2008-0265",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0265"
        },
        {
          "name": "elog-elogd-logbook-dos(39824)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39824"
        },
        {
          "name": "27399",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27399"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0445",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28589",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28589"
            },
            {
              "name": "ADV-2008-0265",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0265"
            },
            {
              "name": "elog-elogd-logbook-dos(39824)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39824"
            },
            {
              "name": "27399",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27399"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0445",
    "datePublished": "2008-01-24T23:00:00",
    "dateReserved": "2008-01-24T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0444 (GCVE-0-2008-0444)

Vulnerability from nvd – Published: 2008-01-24 23:00 – Updated: 2024-08-07 07:46
Summary
Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner: mitre
References
http://secunia.com/advisories/28589 third-party-advisory x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0265 vdb-entry x_refsource_VUPEN
http://osvdb.org/41681 vdb-entry x_refsource_OSVDB
http://midas.psi.ch/elog/download/ChangeLog x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/39828 vdb-entry x_refsource_XF
http://www.securityfocus.com/bid/27399 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28589",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28589"
          },
          {
            "name": "ADV-2008-0265",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0265"
          },
          {
            "name": "41681",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://midas.psi.ch/elog/download/ChangeLog"
          },
          {
            "name": "elog-subtext-xss(39828)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39828"
          },
          {
            "name": "27399",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27399"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28589",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28589"
        },
        {
          "name": "ADV-2008-0265",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0265"
        },
        {
          "name": "41681",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://midas.psi.ch/elog/download/ChangeLog"
        },
        {
          "name": "elog-subtext-xss(39828)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39828"
        },
        {
          "name": "27399",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27399"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0444",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28589",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28589"
            },
            {
              "name": "ADV-2008-0265",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0265"
            },
            {
              "name": "41681",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41681"
            },
            {
              "name": "http://midas.psi.ch/elog/download/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://midas.psi.ch/elog/download/ChangeLog"
            },
            {
              "name": "elog-subtext-xss(39828)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39828"
            },
            {
              "name": "27399",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27399"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0444",
    "datePublished": "2008-01-24T23:00:00",
    "dateReserved": "2008-01-24T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2008-7004

Vulnerability from fkie_nvd - Published: 2009-08-19 10:30 - Updated: 2025-04-09 00:30
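Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, NVD primary score). The NVD record sets acInsufInfo, and the summary states that impact and attack vectors are unknown, so the score likely reflects a worst-case assumption rather than a confirmed impact.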
Summary
Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.
Impacted products
Vendor Product Version
elog elog * (all versions up to and including 2.7.0)
elog elog 1.0.0
elog elog 1.0.1
elog elog 1.0.2
elog elog 1.0.3
elog elog 1.0.4
elog elog 1.0.5
elog elog 1.1.
elog elog 1.1.0
elog elog 1.1.1
elog elog 1.1.2
elog elog 1.1.3
elog elog 1.2.0
elog elog 1.2.1
elog elog 1.2.2
elog elog 1.2.3
elog elog 1.2.4
elog elog 1.2.5
elog elog 1.2.6
elog elog 1.3.0
elog elog 1.3.1
elog elog 1.3.2
elog elog 1.3.3
elog elog 1.3.4
elog elog 1.3.5
elog elog 1.3.6
elog elog 2.0.0
elog elog 2.0.1
elog elog 2.0.2
elog elog 2.0.3
elog elog 2.0.4
elog elog 2.0.5
elog elog 2.1.0
elog elog 2.1.1
elog elog 2.1.2
elog elog 2.1.3
elog elog 2.2.0
elog elog 2.2.1
elog elog 2.2.2
elog elog 2.2.3
elog elog 2.2.4
elog elog 2.2.5
elog elog 2.3.0
elog elog 2.3.1
elog elog 2.3.2
elog elog 2.3.3
elog elog 2.3.4
elog elog 2.3.5
elog elog 2.3.6
elog elog 2.3.7
elog elog 2.3.8
elog elog 2.3.9
elog elog 2.4.0
elog elog 2.4.1
elog elog 2.5.0
elog elog 2.5.1
elog elog 2.5.2
elog elog 2.5.3
elog elog 2.5.4
elog elog 2.5.5
elog elog 2.5.6
elog elog 2.5.7
elog elog 2.5.8
elog elog 2.5.9
elog elog 2.6.0
elog elog 2.6.1
elog elog 2.6.2
elog elog 2.6.3
elog elog 2.6.4
elog elog 2.6.5

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elog:elog:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8001B79B-38EC-4E1A-B7DB-24785BA4A108",
              "versionEndIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB5B281C-756F-4730-B988-129D5D5ED9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFEE69C0-8B08-4BCD-B388-7356E84466B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE73E755-EA42-4BDE-A6CC-E72658FD1A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8249E7-DCF1-463D-BD6B-07B621E82EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17DC6466-3E39-4502-AA3D-BEFDE016F759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "121FC6FD-EA8D-43F0-9F2B-21FE4D56A8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C02CDA-6A86-4BAB-A9FC-24065EFC4E99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50F1799-7D13-48E3-83FB-9413BEC6AF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E35B5A4E-FDEB-4A9D-B3CC-4025F215FED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3589711E-612A-4C7A-A447-6190F5B988F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A43AAE0-7F48-4CAE-A669-A24902CE4D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A9DAE4-A22A-45E8-9259-393FF0DFB3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E24350-DAB6-4D46-BB8C-BA127ADEAC83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A2F36E-B9EB-4D1F-93FB-4518A18E77B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BB7A6F-CF02-4557-9EA3-977C160E0C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26EB6E8F-24B5-4BA8-8ED6-3843ABE3E9DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48420EC7-FC95-448D-912F-6BB9D2C0C084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8E5F55-AC2C-4844-8671-F8D7CA812F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2A6942-5B5C-4622-BF2C-D69941250269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30AC66A-5BC9-4FA9-A8FB-4699FFDFA5CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F201C0-9AE3-4BB1-A744-CEB928534A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97A2D31-B3C8-4A2D-9296-0D9FAE55F109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "610F7CC0-63F7-41C9-BC41-B9A20BD9A022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B671811E-E214-44CC-B2C5-89FA83B21A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B6187A-3335-4D89-B8F0-A4EAD8E88498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA5C490-0487-4759-9274-844C5C6C8F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F595EE-5852-4808-9003-42BC80DB7477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E51017F-A270-4406-947E-D13857FE325C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9BF705-D6E5-42E4-AA3B-0D05D3E269C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC9A579-D75A-41FD-82CD-79ED098F448E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "73206777-B2E7-46E8-862C-FBF429A42C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C96FD4C-1CBE-4BFB-A39B-0F64C9E96B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5A2D83-B941-4A6E-842F-FDBCBBE670B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0D6A4B7-ADDB-4A28-B22B-A1A1DD811F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB7B94F8-688E-46BC-B390-3EDF54F050F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CBB6D1D-698C-4A9B-9F6A-E10F6E730DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBBE3368-77D3-4A61-A65B-F2096BF95823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39CBB4E1-91D5-4267-9E1D-0A82678489DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49C63CDB-1192-4A07-85E7-03F81909D6D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "130EC88D-5245-42DB-AB4A-71C9AF44CC45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBC05390-FE1B-47D0-8AC4-AFDFF40C6DB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15AD984D-3F11-4EFF-A653-D24221A2008F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC35EE0-08E3-406E-B866-F8691D9E69E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "398E385D-AE8B-4600-87E8-177130B0F414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A00A3F-137A-4204-AA47-E55D71374672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2B702F-EED9-4DAB-AD45-502F44D1748C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36E4839-FD1D-418A-8F62-88C39E378F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D52BB1B-D26F-44B7-B139-5B5F2D3F1B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A949E7C5-527E-467E-B91D-54B2D90A3893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "350EA9F1-3FF4-4880-81AD-483B1CDBEA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B9A416-DB7F-4F13-B3E7-9DFA387D4656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D34F07F-8017-43D0-9750-03B6103B622E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CED236A-63A2-43D7-9C9D-6C9107D2CE4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "334D4A05-FB4A-4463-9978-0E59325EDDEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6EC55AF-21A6-406C-B02E-9DA668DB6B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03CBEF0B-74ED-439A-8DC2-EEB76F48FB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E013834E-8725-49B0-8544-D383A5A03166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A659097-9731-440C-9065-C04E6AC5C855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "565BF8F2-C8B1-4933-882F-7ADA522F25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "296F9E95-95BF-4F63-B601-6820C5CBC237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8A41-2AA2-4757-826A-8122E9002476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8C5A99-E5A7-4650-92ED-116AFF7EDC24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "97BD7090-ACE3-4D24-8765-38467B3F2E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96675B57-21EC-41AD-9E57-A1A0A93E6B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD45019-5174-4173-B7A3-272F2890D53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EAE462-E18C-494F-B0BC-F8C21D883BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "66257524-9911-4625-8562-6D8FC6A378DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "57638FC4-791C-4060-B91B-32C679945B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F10C8B-6F2E-4F76-B74C-C04EB78E5B4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Electronic Logbook (ELOG) anteriores a v2.7.1 tiene un impacto y unos vectores de ataque desconocidos y posiblemente relacionados con elog.c."
    }
  ],
  "id": "CVE-2008-7004",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-19T10:30:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/41684"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0265"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39903"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://midas.psi.ch/elog/download/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/41684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://midas.psi.ch/elog/download/ChangeLog"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-0445

Vulnerability from fkie_nvd - Published: 2008-01-25 00:00 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
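Impacted products (enumerated CPE entries; the list stops at 2.6.5 and does not include 2.7.0, although the summary covers every release before 2.7.1, so a 2.7.0 install would not match this list)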
Vendor Product Version
elog elog 1.0.0
elog elog 1.0.1
elog elog 1.0.2
elog elog 1.0.3
elog elog 1.0.4
elog elog 1.0.5
elog elog 1.1.0
elog elog 1.1.1
elog elog 1.1.2
elog elog 1.1.3
elog elog 1.2.0
elog elog 1.2.1
elog elog 1.2.2
elog elog 1.2.3
elog elog 1.2.4
elog elog 1.2.5
elog elog 1.2.6
elog elog 1.3.0
elog elog 1.3.1
elog elog 1.3.2
elog elog 1.3.3
elog elog 1.3.4
elog elog 1.3.5
elog elog 1.3.6
elog elog 2.0.0
elog elog 2.0.1
elog elog 2.0.2
elog elog 2.0.3
elog elog 2.0.4
elog elog 2.0.5
elog elog 2.1.0
elog elog 2.1.1
elog elog 2.1.2
elog elog 2.1.3
elog elog 2.2.0
elog elog 2.2.1
elog elog 2.2.2
elog elog 2.2.3
elog elog 2.2.4
elog elog 2.2.5
elog elog 2.3.0
elog elog 2.3.1
elog elog 2.3.2
elog elog 2.3.3
elog elog 2.3.4
elog elog 2.3.5
elog elog 2.3.6
elog elog 2.3.7
elog elog 2.3.8
elog elog 2.3.9
elog elog 2.4.0
elog elog 2.4.1
elog elog 2.5.0
elog elog 2.5.1
elog elog 2.5.2
elog elog 2.5.3
elog elog 2.5.4
elog elog 2.5.5
elog elog 2.5.6
elog elog 2.5.7
elog elog 2.5.8
elog elog 2.5.9
elog elog 2.6.0
elog elog 2.6.1
elog elog 2.6.2
elog elog 2.6.3
elog elog 2.6.4
elog elog 2.6.5

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB5B281C-756F-4730-B988-129D5D5ED9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFEE69C0-8B08-4BCD-B388-7356E84466B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE73E755-EA42-4BDE-A6CC-E72658FD1A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8249E7-DCF1-463D-BD6B-07B621E82EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17DC6466-3E39-4502-AA3D-BEFDE016F759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "121FC6FD-EA8D-43F0-9F2B-21FE4D56A8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50F1799-7D13-48E3-83FB-9413BEC6AF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E35B5A4E-FDEB-4A9D-B3CC-4025F215FED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3589711E-612A-4C7A-A447-6190F5B988F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A43AAE0-7F48-4CAE-A669-A24902CE4D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A9DAE4-A22A-45E8-9259-393FF0DFB3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E24350-DAB6-4D46-BB8C-BA127ADEAC83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A2F36E-B9EB-4D1F-93FB-4518A18E77B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BB7A6F-CF02-4557-9EA3-977C160E0C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26EB6E8F-24B5-4BA8-8ED6-3843ABE3E9DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48420EC7-FC95-448D-912F-6BB9D2C0C084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8E5F55-AC2C-4844-8671-F8D7CA812F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2A6942-5B5C-4622-BF2C-D69941250269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30AC66A-5BC9-4FA9-A8FB-4699FFDFA5CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F201C0-9AE3-4BB1-A744-CEB928534A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97A2D31-B3C8-4A2D-9296-0D9FAE55F109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "610F7CC0-63F7-41C9-BC41-B9A20BD9A022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B671811E-E214-44CC-B2C5-89FA83B21A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B6187A-3335-4D89-B8F0-A4EAD8E88498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA5C490-0487-4759-9274-844C5C6C8F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F595EE-5852-4808-9003-42BC80DB7477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E51017F-A270-4406-947E-D13857FE325C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9BF705-D6E5-42E4-AA3B-0D05D3E269C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC9A579-D75A-41FD-82CD-79ED098F448E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "73206777-B2E7-46E8-862C-FBF429A42C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C96FD4C-1CBE-4BFB-A39B-0F64C9E96B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5A2D83-B941-4A6E-842F-FDBCBBE670B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0D6A4B7-ADDB-4A28-B22B-A1A1DD811F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB7B94F8-688E-46BC-B390-3EDF54F050F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CBB6D1D-698C-4A9B-9F6A-E10F6E730DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBBE3368-77D3-4A61-A65B-F2096BF95823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39CBB4E1-91D5-4267-9E1D-0A82678489DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49C63CDB-1192-4A07-85E7-03F81909D6D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "130EC88D-5245-42DB-AB4A-71C9AF44CC45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBC05390-FE1B-47D0-8AC4-AFDFF40C6DB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15AD984D-3F11-4EFF-A653-D24221A2008F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC35EE0-08E3-406E-B866-F8691D9E69E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "398E385D-AE8B-4600-87E8-177130B0F414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A00A3F-137A-4204-AA47-E55D71374672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2B702F-EED9-4DAB-AD45-502F44D1748C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36E4839-FD1D-418A-8F62-88C39E378F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D52BB1B-D26F-44B7-B139-5B5F2D3F1B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A949E7C5-527E-467E-B91D-54B2D90A3893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "350EA9F1-3FF4-4880-81AD-483B1CDBEA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B9A416-DB7F-4F13-B3E7-9DFA387D4656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D34F07F-8017-43D0-9750-03B6103B622E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CED236A-63A2-43D7-9C9D-6C9107D2CE4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "334D4A05-FB4A-4463-9978-0E59325EDDEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6EC55AF-21A6-406C-B02E-9DA668DB6B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03CBEF0B-74ED-439A-8DC2-EEB76F48FB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E013834E-8725-49B0-8544-D383A5A03166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A659097-9731-440C-9065-C04E6AC5C855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "565BF8F2-C8B1-4933-882F-7ADA522F25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "296F9E95-95BF-4F63-B601-6820C5CBC237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8A41-2AA2-4757-826A-8122E9002476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8C5A99-E5A7-4650-92ED-116AFF7EDC24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "97BD7090-ACE3-4D24-8765-38467B3F2E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96675B57-21EC-41AD-9E57-A1A0A93E6B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD45019-5174-4173-B7A3-272F2890D53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EAE462-E18C-494F-B0BC-F8C21D883BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "66257524-9911-4625-8562-6D8FC6A378DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "57638FC4-791C-4060-B91B-32C679945B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F10C8B-6F2E-4F76-B74C-C04EB78E5B4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n replace_inline_img en elogd de Electronic Logbook (ELOG) anterior a 2.7.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) mediante entradas logbook manipuladas. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2008-0445",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-25T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28589"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27399"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0265"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39824"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-0444

Vulnerability from fkie_nvd - Published: 2008-01-25 00:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the subtext parameter to unspecified components.
Impacted products
Vendor Product Version
elog elog 1.0.0
elog elog 1.0.1
elog elog 1.0.2
elog elog 1.0.3
elog elog 1.0.4
elog elog 1.0.5
elog elog 1.1.0
elog elog 1.1.1
elog elog 1.1.2
elog elog 1.1.3
elog elog 1.2.0
elog elog 1.2.1
elog elog 1.2.2
elog elog 1.2.3
elog elog 1.2.4
elog elog 1.2.5
elog elog 1.2.6
elog elog 1.3.0
elog elog 1.3.1
elog elog 1.3.2
elog elog 1.3.3
elog elog 1.3.4
elog elog 1.3.5
elog elog 1.3.6
elog elog 2.0.0
elog elog 2.0.1
elog elog 2.0.2
elog elog 2.0.3
elog elog 2.0.4
elog elog 2.0.5
elog elog 2.1.0
elog elog 2.1.1
elog elog 2.1.2
elog elog 2.1.3
elog elog 2.2.0
elog elog 2.2.1
elog elog 2.2.2
elog elog 2.2.3
elog elog 2.2.4
elog elog 2.2.5
elog elog 2.3.0
elog elog 2.3.1
elog elog 2.3.2
elog elog 2.3.3
elog elog 2.3.4
elog elog 2.3.5
elog elog 2.3.6
elog elog 2.3.7
elog elog 2.3.8
elog elog 2.3.9
elog elog 2.4.0
elog elog 2.4.1
elog elog 2.5.0
elog elog 2.5.1
elog elog 2.5.2
elog elog 2.5.3
elog elog 2.5.4
elog elog 2.5.5
elog elog 2.5.6
elog elog 2.5.7
elog elog 2.5.8
elog elog 2.5.9
elog elog 2.6.0
elog elog 2.6.1
elog elog 2.6.2
elog elog 2.6.3
elog elog 2.6.4
elog elog 2.6.5

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB5B281C-756F-4730-B988-129D5D5ED9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFEE69C0-8B08-4BCD-B388-7356E84466B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE73E755-EA42-4BDE-A6CC-E72658FD1A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8249E7-DCF1-463D-BD6B-07B621E82EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17DC6466-3E39-4502-AA3D-BEFDE016F759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "121FC6FD-EA8D-43F0-9F2B-21FE4D56A8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50F1799-7D13-48E3-83FB-9413BEC6AF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E35B5A4E-FDEB-4A9D-B3CC-4025F215FED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3589711E-612A-4C7A-A447-6190F5B988F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A43AAE0-7F48-4CAE-A669-A24902CE4D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A9DAE4-A22A-45E8-9259-393FF0DFB3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E24350-DAB6-4D46-BB8C-BA127ADEAC83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A2F36E-B9EB-4D1F-93FB-4518A18E77B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BB7A6F-CF02-4557-9EA3-977C160E0C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26EB6E8F-24B5-4BA8-8ED6-3843ABE3E9DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48420EC7-FC95-448D-912F-6BB9D2C0C084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8E5F55-AC2C-4844-8671-F8D7CA812F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2A6942-5B5C-4622-BF2C-D69941250269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30AC66A-5BC9-4FA9-A8FB-4699FFDFA5CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F201C0-9AE3-4BB1-A744-CEB928534A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97A2D31-B3C8-4A2D-9296-0D9FAE55F109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "610F7CC0-63F7-41C9-BC41-B9A20BD9A022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B671811E-E214-44CC-B2C5-89FA83B21A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B6187A-3335-4D89-B8F0-A4EAD8E88498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA5C490-0487-4759-9274-844C5C6C8F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F595EE-5852-4808-9003-42BC80DB7477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E51017F-A270-4406-947E-D13857FE325C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9BF705-D6E5-42E4-AA3B-0D05D3E269C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC9A579-D75A-41FD-82CD-79ED098F448E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "73206777-B2E7-46E8-862C-FBF429A42C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C96FD4C-1CBE-4BFB-A39B-0F64C9E96B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5A2D83-B941-4A6E-842F-FDBCBBE670B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0D6A4B7-ADDB-4A28-B22B-A1A1DD811F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB7B94F8-688E-46BC-B390-3EDF54F050F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CBB6D1D-698C-4A9B-9F6A-E10F6E730DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBBE3368-77D3-4A61-A65B-F2096BF95823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39CBB4E1-91D5-4267-9E1D-0A82678489DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49C63CDB-1192-4A07-85E7-03F81909D6D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "130EC88D-5245-42DB-AB4A-71C9AF44CC45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBC05390-FE1B-47D0-8AC4-AFDFF40C6DB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15AD984D-3F11-4EFF-A653-D24221A2008F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC35EE0-08E3-406E-B866-F8691D9E69E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "398E385D-AE8B-4600-87E8-177130B0F414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A00A3F-137A-4204-AA47-E55D71374672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2B702F-EED9-4DAB-AD45-502F44D1748C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36E4839-FD1D-418A-8F62-88C39E378F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D52BB1B-D26F-44B7-B139-5B5F2D3F1B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A949E7C5-527E-467E-B91D-54B2D90A3893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "350EA9F1-3FF4-4880-81AD-483B1CDBEA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B9A416-DB7F-4F13-B3E7-9DFA387D4656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D34F07F-8017-43D0-9750-03B6103B622E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CED236A-63A2-43D7-9C9D-6C9107D2CE4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "334D4A05-FB4A-4463-9978-0E59325EDDEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6EC55AF-21A6-406C-B02E-9DA668DB6B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03CBEF0B-74ED-439A-8DC2-EEB76F48FB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E013834E-8725-49B0-8544-D383A5A03166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A659097-9731-440C-9065-C04E6AC5C855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "565BF8F2-C8B1-4933-882F-7ADA522F25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "296F9E95-95BF-4F63-B601-6820C5CBC237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8A41-2AA2-4757-826A-8122E9002476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8C5A99-E5A7-4650-92ED-116AFF7EDC24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "97BD7090-ACE3-4D24-8765-38467B3F2E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96675B57-21EC-41AD-9E57-A1A0A93E6B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD45019-5174-4173-B7A3-272F2890D53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EAE462-E18C-494F-B0BC-F8C21D883BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "66257524-9911-4625-8562-6D8FC6A378DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "57638FC4-791C-4060-B91B-32C679945B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elog:elog:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F10C8B-6F2E-4F76-B74C-C04EB78E5B4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the subtext parameter to unspecified components."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Electronic Logbook (ELOG) anterior a 2.7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro subtext a componentes no especificados."
    }
  ],
  "id": "CVE-2008-0444",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-01-25T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://midas.psi.ch/elog/download/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41681"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28589"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27399"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0265"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://midas.psi.ch/elog/download/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39828"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}