905 matches found
EUVD-2026-0755
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...
CVE-2026-21432 Emlog has stored Cross-site Scripting issue that can lead to admin or another account ATO
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...
CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...
CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...
CVE-2026-21431
CVE-2026-21431 affects Emlog, an open source website-building system. Multiple sources confirm a stored cross-site scripting vulnerability in the Resource media library function when publishing an article, specifically in version 2.5.23. The available reports indicate no patched versions at time ...
EUVD-2026-0756
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...
CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...
CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO
Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...
CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO
Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...
EUVD-2026-0757
Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...
CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO
Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...
CVE-2026-21430
CVE-2026-21430 concerns Emlog, an open source website builder. The issue, reported in version 2.5.23, is a CSRF flaw in the article creation function. An attacker could force a user to publish an article containing arbitrary content, and when combined with stored XSS, this can lead to an account ...
CVE-2026-21429
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
CVE-2026-21429 Emlog has Broken Access Control (BAC)
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
CVE-2026-21429 Emlog has Broken Access Control (BAC)
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
CVE-2026-21429
CVE-2026-21429 affects Emlog (open-source PHP/MySQL CMS); specifically version 2.5.23 where an admin-configured control allows users to be prevented from editing or deleting published articles. Root cause: broken access control enabling post-publish restrictions. Impact as stated: users cannot ed...
EUVD-2026-0752
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
CVE-2026-21429 Emlog has Broken Access Control (BAC)
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
PT-2026-1117
Name of the Vulnerable Software and Affected Versions Emlog version 2.5.23 Description Emlog version 2.5.23’s article creation functionality is susceptible to cross-site request forgery CSRF. This allows an attacker to force a user to post an article containing arbitrary content. When combined wi...
emlog 代码问题漏洞
emlog is emlog open source PHP and MySQL based on a set of CMS site building system . A code issue vulnerability exists in Emlog 2.5.19 and prior versions, which stems from an out-of-band server-side request or a server-side request forgery by uploading an SVG file that could lead to probing the...