CVE-2025-53926

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. The reflected XSS requires the victim to send POST requests, so the victim must be persuaded into clicking a URL sent to them. As of the time of publication, no known patched versions exist.
Configurations

No configuration.

History

17 Jul 2025, 21:15

Type Values Removed Values Added
Summary
  • (es) Emlog is an open source system for building websites. A cross-site scripting (XSS) vulnerability in emlog, up to and including version pro-2.5.17, allows remote attackers to inject arbitrary web code or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, so the victim must be persuaded to click the sent URL. At the time of publication, no patched versions were known.

16 Jul 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-16 16:15

Updated : 2025-07-17 21:15


NVD link : CVE-2025-53926

Mitre link : CVE-2025-53926

CVE.ORG link : CVE-2025-53926



Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')