SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:2092-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2092-1 advisory. This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME...

October CMS Has Stored XSS In Event Log Mail Preview

A stored cross-site scripting XSS vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...

GHSA-J4J5-9X6G-RGXC October CMS has Stored XSS in Event Log Mail Preview

A stored cross-site scripting XSS vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...

EUVD-2016-8693

Malware in sbrugna...

CVE-2025-61597

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting XSS via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...

EUVD-2022-40925

Malicious code in bioql PyPI...

CVE-2025-60447

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...

CVE-2025-61597

CVE-2025-61597 (Emlog) is a stored XSS vulnerability in Emlog 2.5.21 and earlier caused by HTML template injection in the mail template settings. In an authenticated admin session, saving a malicious payload can cause attacker‑controlled JavaScript to execute on subsequent visits to the settings ...

CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting XSS via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...

CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting XSS via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...

CVE-2025-60447

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...

PT-2025-40460

Name of the Vulnerable Software and Affected Versions Emlog versions 2.5.21 and below Description Emlog is a website building system. A flaw exists where a malicious payload can be saved through the mail template settings, leading to stored cross-site scripting XSS. When an attacker saves malicio...

CVE-2024-27186

The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions...

CVE-2020-1961

Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution RCE was discovered...

Craft CMS Arbitrary System File Read

Summary By abusing the mail notification template it is possible to read arbitrary operating system files. Details The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, an...

Joomla! 5.x < 5.1.3 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.17, 4.x prior to 4.4.7 or 5.x prior to 5.1.3. It is, therefore, affected by multiple vulnerabilities. - The stripImages and stripIframes methods didn't properly process inputs,...

Joomla! 3.x < 3.10.17 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.17, 4.x prior to 4.4.7 or 5.x prior to 5.1.3. It is, therefore, affected by multiple vulnerabilities. - The stripImages and stripIframes methods didn't properly process inputs,...

Joomla 3.0.x < 3.10.17 / 4.0.x < 4.4.7 / 5.0.x < 5.1.3 Multiple Vulnerabilities (5910-joomla-5-1-3-and-4-4-7-security-and-bug-fix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.10.17, 4.0.x prior to 4.4.7, or 5.0.x prior to 5.1.3. It is, therefore, affected by multiple vulnerabilities. - Inadequate validation of URLs could result into an invalid check...

CVE-2024-27186

The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions...

CVE-2024-27186

The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions...