907 matches found
CVE-2022-23379
Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid...
CVE-2022-23872
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the component /admin/configure.php via the parameter footerinfo...
CVE-2022-42189
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution RCE vulnerability...
CVE-2019-16868
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dellallbak request with directory traversal sequences in the bak parameter...
CVE-2026-21433
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...
CVE-2026-21432
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...
CVE-2026-21430
Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...
CVE-2026-21431
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...
CVE-2026-21429
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
CVE-2026-21432
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...
CVE-2026-21433
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...
CVE-2026-21430
Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...
CVE-2026-21431
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...
CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...
EUVD-2026-0754
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...
CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...
CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...
CVE-2026-21433
Summary: CVE-2026-21433 affects Emlog up to v2.5.19. The vulnerability is a server-side SSRF/OOB via uploaded SVG files. An attacker can upload a crafted SVG to /admin/media.php; when Emlog processes or renders the SVG (thumbnailing/preview/sanitization), the server issues an HTTP request to an a...
EUVD-2026-0755
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...
CVE-2026-21432 Emlog has stored Cross-site Scripting issue that can lead to admin or another account ATO
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...