Emlog

Emlog

86 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-61599

Exploit
  • EPSS 0.02%
  • Veröffentlicht 03.10.2025 06:27:46
  • Zuletzt bearbeitet 08.10.2025 15:26:35

Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary Ja...

5.4

CVE-2025-61597

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.10.2025 06:16:14
  • Zuletzt bearbeitet 20.10.2025 17:50:24

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting (XSS) via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings...

6.1

CVE-2025-60448

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.10.2025 00:00:00
  • Zuletzt bearbeitet 08.10.2025 15:21:30

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files...

5.9

CVE-2025-60447

Exploit
  • EPSS 0.04%
  • Veröffentlicht 03.10.2025 00:00:00
  • Zuletzt bearbeitet 08.10.2025 15:25:42

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML cod...

9.8

CVE-2025-9296

Exploit
  • EPSS 0.06%
  • Veröffentlicht 21.08.2025 11:32:06
  • Zuletzt bearbeitet 12.09.2025 13:10:41

A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch...

7.2

CVE-2025-44139

Exploit
  • EPSS 0.09%
  • Veröffentlicht 01.08.2025 00:00:00
  • Zuletzt bearbeitet 13.08.2025 15:00:26

Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip

6.1

CVE-2025-53926

Exploit
  • EPSS 0.04%
  • Veröffentlicht 16.07.2025 15:37:44
  • Zuletzt bearbeitet 14.08.2025 20:37:42

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS r...

5.4

CVE-2025-53925

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.07.2025 14:21:42
  • Zuletzt bearbeitet 14.08.2025 20:38:06

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an ...

4.8

CVE-2025-53924

Exploit
  • EPSS 0.05%
  • Veröffentlicht 16.07.2025 13:55:57
  • Zuletzt bearbeitet 18.07.2025 15:15:28

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible...

6.1

CVE-2025-53923

Exploit
  • EPSS 0.05%
  • Veröffentlicht 16.07.2025 13:53:11
  • Zuletzt bearbeitet 22.07.2025 15:15:37

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization ...