Lucene search
K

417 matches found

NVD
NVD
added 2025/10/03 7:15 a.m.19 views

CVE-2025-61599

Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...

5.4CVSS0.00189EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/03 6:27 a.m.6 views

CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input

Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...

5.1CVSS5.2AI score0.00189EPSS
Exploits1References1
OSV
OSV
added 2025/10/03 6:27 a.m.8 views

CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input

Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...

5.1CVSS5.7AI score0.00189EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/03 6:27 a.m.11 views

CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input

Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...

5.1CVSS0.00189EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/03 6:16 a.m.6 views

CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting XSS via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...

7.6CVSS0.00227EPSS
Exploits1References2
OSV
OSV
added 2025/10/03 6:16 a.m.7 views

CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting XSS via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...

7.6CVSS6.3AI score0.00227EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/10/03 6:16 a.m.2 views

CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting XSS via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...

7.6CVSS5.8AI score0.00227EPSS
Exploits1References2
CVE
CVE
added 2025/10/03 6:16 a.m.16 views

CVE-2025-61597

CVE-2025-61597 (Emlog) is a stored XSS vulnerability in Emlog 2.5.21 and earlier caused by HTML template injection in the mail template settings. In an authenticated admin session, saving a malicious payload can cause attacker‑controlled JavaScript to execute on subsequent visits to the settings ...

7.6CVSS5.8AI score0.00227EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.7 views

PT-2025-40461

Name of the Vulnerable Software and Affected Versions Emlog Pro versions 2.5.21 and below Description A stored Cross-Site Scripting XSS issue exists in the "Twitter" feature. An authenticated user with posting privileges can inject arbitrary JavaScript code. The malicious script is stored on the...

5.1CVSS5.5AI score0.00189EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/10/03 12:0 a.m.7 views

CVE-2025-60448

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...

0.00213EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.4 views

Emlog Pro 安全漏洞

Emlog Pro is an Emlog open source blogging system. A security vulnerability exists in Emlog Pro version 2.5.19, which stems from insufficient validation of SVG file uploads and could lead to a stored cross-site scripting attack...

6.1CVSS5.9AI score0.00213EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.5 views

Emlog Pro 安全漏洞

Emlog Pro is a blogging system from Emlog Open Source. A security vulnerability exists in Emlog Pro version 2.5.19, which stems from an email template configuration component that does not properly clean up its HTML code and could lead to a stored cross-site scripting attack...

5.9CVSS6AI score0.0024EPSS
Exploits1References1
OSV
OSV
added 2025/10/03 12:0 a.m.8 views

CVE-2025-60447

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...

5.9CVSS6.1AI score0.0024EPSS
Exploits1References3
OSV
OSV
added 2025/10/03 12:0 a.m.3 views

CVE-2025-60448

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...

6.1CVSS6.1AI score0.00213EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/03 12:0 a.m.3 views

CVE-2025-60447

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...

5.7AI score0.0024EPSS
Exploits1References1
CVE
CVE
added 2025/10/03 12:0 a.m.9 views

CVE-2025-60448

CVE-2025-60448 affects Emlog Pro 2.5.19; stored XSS via SVG uploads in /admin/media.php due to insufficient validation. Exploitation could occur when malicious SVGs are viewed. Affected component is the SVG upload handler; no fix version is stated in the sources. PT Security notes no information ...

6.1CVSS5.7AI score0.00213EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.4 views

PT-2025-40526

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.19 Description A stored Cross-Site Scripting XSS issue exists due to inadequate validation of SVG file uploads within the /admin/media.php component. This allows attackers to upload malicious SVG files containing JavaScri...

6.1CVSS5.8AI score0.00213EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/03 12:0 a.m.2 views

CVE-2025-60448

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...

5.7AI score0.00213EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.6 views

PT-2025-40525

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.19 Description A stored Cross-Site Scripting XSS issue has been identified. The vulnerability is located in the email template configuration component at the /admin/setting.php?action=mail API endpoint. This allows...

5.9CVSS6.2AI score0.0024EPSS
Exploits1References3
CVE
CVE
added 2025/10/03 12:0 a.m.13 views

CVE-2025-60447

CVE-2025-60447 describes a stored XSS in Emlog Pro 2.5.19, in the email template configuration page (/admin/setting.php?action=mail). User input HTML is not sanitized, allowing persistent JavaScript execution. Connected advisories (Red Hat, CVE listings, PT Security) corroborate the issue and sug...

5.9CVSS5.7AI score0.0024EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder