VYPR
Unrated severity · NVD Advisory · Published Oct 3, 2025 · Updated Oct 3, 2025

Emlog Pro is vulnerable to stored XSS attack through HTML template injection

CVE-2025-61597

Description

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting (XSS) via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will execute attacker‑controlled JavaScript, enabling session/token theft and full admin account takeover. This issue is fixed in version 2.5.22.

Affected products

2
  • Emlog/Emlog (llm-fuzzy), 2 versions
    • (no CPE) range: <=2.5.21
    • (no CPE) range: < 2.5.22
