VYPR

Emlog

by Emlog

CVEs (86)

  • CVE-2026-22799 (Jan 12, 2026)
    risk 0.00 | cvss | epss 0.01

    Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers…

  • CVE-2026-21433 (Jan 2, 2026)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource…

  • CVE-2026-21432 (Jan 2, 2026)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available.

  • CVE-2026-21431 (Jan 2, 2026)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library` function while publishing an article. As of time of publication, no known patched versions are available.

  • CVE-2026-21430 (Jan 2, 2026)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with…

  • CVE-2025-61318 (Dec 8, 2025)
    risk 0.00 | cvss | epss 0.01

    Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to…

  • CVE-2025-62717 (Oct 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been…

  • CVE-2025-61930 (Oct 10, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the…

  • CVE-2025-61769 (Oct 6, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is…

  • CVE-2025-61599 (Oct 3, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the "Twitter" feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious…

  • CVE-2025-61597 (Oct 3, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting (XSS) via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated…

  • CVE-2025-60448 (Oct 3, 2025)
    risk 0.00 | cvss | epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code…

  • CVE-2025-44139 (Aug 1, 2025)
    risk 0.00 | cvss | epss 0.01

    Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip

  • CVE-2025-53926 (Jul 16, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send…

  • CVE-2025-53925 (Jul 16, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is…

  • CVE-2025-53924 (Jul 16, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code…

  • CVE-2025-53923 (Jul 16, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject…

  • CVE-2025-47786 (May 15, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In `/admin/comment.php`, the parameter `perpage_num` is not…

  • CVE-2025-47785 (May 15, 2025)
    risk 0.00 | cvss | epss 0.01

    Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this…

  • CVE-2025-47787 (May 15, 2025)
    risk 0.00 | cvss | epss 0.01

    Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This…
