Emlog is a PHP and MySQL-based blog and content knowledge management system that seeks a fast, stable, simple and comfortable website building experience. a cross-site scripting vulnerability exists in Emlog pro-1.0.7 and prior versions. The vulnerability stems from the fact that Emlog does not effectively filter parameter input. An attacker can inject arbitrary web script or html through s parameter to compromise site security.