11 matches found
CVE-2026-21429
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
CVE-2026-21429
CVE-2026-21429 affects Emlog (open-source PHP/MySQL CMS); specifically version 2.5.23 where an admin-configured control allows users to be prevented from editing or deleting published articles. Root cause: broken access control enabling post-publish restrictions. Impact as stated: users cannot ed...
CVE-2026-21429 Emlog has Broken Access Control (BAC)
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
PT-2026-1113
Name of the Vulnerable Software and Affected Versions Emlog version 2.5.23 Description Emlog is a website building system. In version 2.5.23, administrators can configure controls that prevent users from editing or deleting their articles after they are published. No patched versions are currentl...
CVE-2024-50655
emlog pro =2.3.18 is vulnerable to Cross Site Scripting XSS, which allows attackers to write malicious JavaScript code in published articles...
CVE-2024-50655
emlog pro =2.3.18 is vulnerable to Cross Site Scripting XSS, which allows attackers to write malicious JavaScript code in published articles...
CVE-2024-50655
CVE-2024-50655 affects emlog pro versions
PT-2024-34383 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: emlog pro versions 2.3.18 and earlier Description: The issue allows attackers to write malicious JavaScript code in published articles, potentially leading to Cross Site Scripting XSS attacks. Recommendations: For emlog pro versions 2.3.18 an...
CVE-2024-50655
emlog pro =2.3.18 is vulnerable to Cross Site Scripting XSS, which allows attackers to write malicious JavaScript code in published articles...
CVE-2018-12429
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie...
Stored Cross-Site Scripting Vulnerability at jeecms Published Articles
JEECMS is a content management system developed by Jiangxi Jinlei Technology Development Co., Ltd. that supports WeChat applet, WeChat public number/service number, column model, cross-customization of content model, as well as with payment and financial settlement. A stored cross-site scripting...