← back
CVE-2025-53926

Emlog has Stored Cross-site Scripting vulnerability due to error

CVSS 6.1 MEDIUMEPSS 0.3%CWE-79
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefore the victim must be persuaded into clicking into sent URL. As of time of publication, no known patched versions exist.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
emlog · emlog

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/emlog/emlog/security/advisories/GHSA-g8jx-pj5p-fm3x