VYPR
Unrated severityNVD Advisory· Published May 15, 2025· Updated May 19, 2025

Emlog vulnerable to Stored Cross-site Scripting

CVE-2025-47786

Description

Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpage_num is not validated and is directly stored in the admin_commend_perpage_num field of the emlog_options table in the database. Moreover, the output is not filtered, resulting in the direct output of malicious code. As of time of publication, it is unclear if a patch exists.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Emlog/Emlogllm-fuzzy2 versions
    = 2.5.13+ 1 more
    • (no CPE)range: = 2.5.13
    • (no CPE)range: = 2.5.13

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.