417 matches found
CVE-2025-61599
Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...
CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input
Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...
CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input
Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...
CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input
Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...
CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection
Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting XSS via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...
CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection
Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting XSS via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...
CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection
Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting XSS via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...
CVE-2025-61597
CVE-2025-61597 (Emlog) is a stored XSS vulnerability in Emlog 2.5.21 and earlier caused by HTML template injection in the mail template settings. In an authenticated admin session, saving a malicious payload can cause attacker‑controlled JavaScript to execute on subsequent visits to the settings ...
PT-2025-40461
Name of the Vulnerable Software and Affected Versions Emlog Pro versions 2.5.21 and below Description A stored Cross-Site Scripting XSS issue exists in the "Twitter" feature. An authenticated user with posting privileges can inject arbitrary JavaScript code. The malicious script is stored on the...
CVE-2025-60448
A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...
Emlog Pro 安全漏洞
Emlog Pro is an Emlog open source blogging system. A security vulnerability exists in Emlog Pro version 2.5.19, which stems from insufficient validation of SVG file uploads and could lead to a stored cross-site scripting attack...
Emlog Pro 安全漏洞
Emlog Pro is a blogging system from Emlog Open Source. A security vulnerability exists in Emlog Pro version 2.5.19, which stems from an email template configuration component that does not properly clean up its HTML code and could lead to a stored cross-site scripting attack...
CVE-2025-60447
A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...
CVE-2025-60448
A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...
CVE-2025-60447
A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...
CVE-2025-60448
CVE-2025-60448 affects Emlog Pro 2.5.19; stored XSS via SVG uploads in /admin/media.php due to insufficient validation. Exploitation could occur when malicious SVGs are viewed. Affected component is the SVG upload handler; no fix version is stated in the sources. PT Security notes no information ...
PT-2025-40526
Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.19 Description A stored Cross-Site Scripting XSS issue exists due to inadequate validation of SVG file uploads within the /admin/media.php component. This allows attackers to upload malicious SVG files containing JavaScri...
CVE-2025-60448
A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...
PT-2025-40525
Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.19 Description A stored Cross-Site Scripting XSS issue has been identified. The vulnerability is located in the email template configuration component at the /admin/setting.php?action=mail API endpoint. This allows...
CVE-2025-60447
CVE-2025-60447 describes a stored XSS in Emlog Pro 2.5.19, in the email template configuration page (/admin/setting.php?action=mail). User input HTML is not sanitized, allowing persistent JavaScript execution. Connected advisories (Red Hat, CVE listings, PT Security) corroborate the issue and sug...