CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter...

6.9CVSS0.0018EPSS

Exploits1References1

Vulnrichment•added 2025/07/16 1:55 p.m.•2 views

CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality

6.9CVSS5.6AI score0.0018EPSS

Exploits1References1

CVE•added 2025/07/16 1:55 p.m.•7 views

CVE-2025-53924

Summary: CVE-2025-53924 affects Emlog up to and including pro-2.5.17. The vulnerability is a cross-site scripting (XSS) flaw in the siteurl parameter that authenticated attackers can abuse to inject arbitrary script/HTML, resulting in Stored XSS when a link is clicked. The available connected doc...

6.9CVSS5.3AI score0.0018EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/07/16 1:55 p.m.•5 views

CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality

6.9CVSS0.0018EPSS

Exploits1References1

OSV•added 2025/07/16 1:55 p.m.•2 views

CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality

6.9CVSS5.6AI score0.0018EPSS

Exploits1References3

CNNVD•added 2025/07/16 12:0 a.m.•1 views

emlog 安全漏洞

emlog is emlog open source a PHP and MySQL based CMS website building system. A security vulnerability exists in emlog pro-2.5.17 and earlier versions, which stems from insufficient cleanup of the siteurl parameter, and could lead to an authenticated remote attacker injecting stored cross-site...

6.9CVSS6.2AI score0.0018EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 10:31 a.m.•6 views

CVE-2024-44920

A cross-site scripting XSS vulnerability in the component admincollectnews.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter...

6.1CVSS5.8AI score0.00286EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:42 p.m.•8 views

CVE-2021-36601

GetSimpleCMS 3.3.16 contains a cross-site Scripting XSS vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter...

6.1CVSS6AI score0.00293EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:20 a.m.•6 views

CVE-2019-15771

The nd-shortcodes plugin before 6.0 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...

6.1CVSS7AI score0.00342EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by