CVE-2025-61769 LOW

CVE-2025-61769: Emlog vulnerable to stored XSS in file upload functionality

Vendor Emlog
Product emlog
Weakness CWE-79 · XSS
Published October 6, 2025
Last update October 6, 2025

CVSS base score

2.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

What the vulnerability does

01 Description

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. An authenticated user can upload an .svg file containing JavaScript code that is later executed. Commit 052f9c4226b2c0014bcd857fec47677340b185b1 fixes the issue.

Key dates

02 Disclosure timeline

October 6, 2025 CVE published
October 6, 2025 Record updated