Medium severity6.1NVD Advisory· Published Apr 3, 2026· Updated Apr 13, 2026

CVE-2026-34229

Description

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8.

Affected products

Emlog/Emlog
cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*
Range: <2.6.8

Patches

a12ab1b1a273

https://github.com/emlog/emlogvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/emlog/emlog/commit/a12ab1b1a273fe634abab32fd28274c18bd57f07nvdPatch
github.com/emlog/emlog/security/advisories/GHSA-74gp-xh6w-hqw6nvdExploitVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000