Emlog Stored Cross-Site Scripting Vulnerability in Comment Management

A stored cross-site scripting vulnerability has been identified in Emlog version 2.5.13. This issue allows any registered user to inject malicious JavaScript that is executed when other users click on it. The vulnerability resides in the comment management section, specifically within the 'perpage_num' parameter of 'admin/comment.php'. This parameter is not properly validated before being saved to the 'admin_commend_perpage_num' field in the 'emlog_options' database table. The lack of output filtering enables the direct execution of injected scripts.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, register as a user and log in. Then, navigate to 'admin/comment.php' and append a crafted URL that includes a malicious script in the 'perpage_num' parameter. Once the page is loaded, the injected script will execute when the comment function is accessed.