Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload an .svg file that contains JavaScript code that is later executed. As of time of publication, no known patched versions exist.
References
Configurations
No configuration.
History
17 Jul 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Jul 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-07-16 15:15
Updated : 2025-07-17 21:15
NVD link : CVE-2025-53925
Mitre link : CVE-2025-53925
CVE.ORG link : CVE-2025-53925
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')