CVE-2025-53926 MEDIUM

CVE-2025-53926: Emlog has Stored Cross-site Scripting vulnerability due to error

Vendor Emlog

Product emlog

Weakness CWE-79 · XSS

Published July 16, 2025

Last update July 16, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefore the victim must be persuaded into clicking into sent URL. As of time of publication, no known patched versions exist.

Key dates

02Disclosure timeline

July 16, 2025 CVE published

July 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53926

Related vulnerabilities

04Related CVE

CVE-2024-52465 WordPress LGPD Framework plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-29206 org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins CVE-2025-6353 code-projects Responsive Blog search.php cross site scripting CVE-2026-23847 SiYuan Vulnerable to Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon CVE-2026-4790 Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter