Emlog Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Emlog versions prior to pro-2.5.17. It allows remote attackers to inject arbitrary web script or HTML through the keyword parameter, because the input is insufficiently sanitized. Exploitation of this issue could enable the execution of injected JavaScript in the browser of an admin user.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, first create a malicious URL that includes injected JavaScript or HTML in the keyword parameter. This can be done by crafting a link that, when clicked, will execute the injected script, such as an image tag with an 'onerror' event. Once the URL is prepared, persuade an admin user to click on the link. The injected JavaScript will then execute in the user's browser.
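For defenders, the request described above leaves a trace in web server access logs: a keyword value that decodes to HTML markup. The following is an added example, not code from this advisory or from Emlog, that scans combined-format log lines for such values and also catches double-encoded input. The path `/admin/example.php`, the addresses and the log entries are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Markup that has no place in a search keyword: a tag opener, an inline
# event-handler attribute, or a javascript: URL.
MARKUP_RE = re.compile(r'</?[a-z!]|\bon[a-z]+\s*=|javascript\s*:', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_keyword_markup(lines):
    """Return (client_ip, path, decoded_keyword) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request entry
        url = urlsplit(m.group("target"))
        # parse_qsl performs the first round of percent-decoding.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() != "keyword":
                continue
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                hits.append((m.group("ip"), url.path, decoded))
    return hits

# Constructed sample entries; paths and addresses are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jul/2025:15:04:01 +0000] "GET /admin/example.php?keyword=release+notes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Jul/2025:15:04:09 +0000] "GET /admin/example.php?keyword=%3Cimg%20src%3Dx%20onerror%3D1%3E HTTP/1.1" 200 5188 "https://mail.example/" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Jul/2025:15:04:15 +0000] "GET /admin/example.php?keyword=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5150 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [16/Jul/2025:15:05:30 +0000] "GET /admin/example.php?keyword=a+%3C+b HTTP/1.1" 200 5101 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, keyword in flag_keyword_markup(SAMPLE_LOG):
        print(f"{ip} {path} keyword={keyword!r}")
```

The last sample line (`a < b`) is deliberately not flagged, since a `<` followed by a space does not open a tag. A hit shows that a request was made, not that the script ran in an admin session.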

Added: Jul 16, 2025, 3:04 PM
Updated: Jul 16, 2025, 3:04 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.7
exploitability: 7.9
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.