Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefore the victim must be persuaded into clicking into sent URL. As of time of publication, no known patched versions exist.
References
Configurations
No configuration.
History
17 Jul 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Jul 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-07-16 16:15
Updated : 2025-07-17 21:15
NVD link : CVE-2025-53926
Mitre link : CVE-2025-53926
CVE.ORG link : CVE-2025-53926
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')