Emlog Pro
cpe:2.3:a:emlog_pro_project:emlog_pro:*:*:*:*:*:*:*
- <= 2.5.19
A stored cross-site scripting vulnerability has been identified in Emlog versions through 2.5.21. This issue arises from an HTML template injection in the mail template settings, which allows the execution of attacker-controlled JavaScript in the context of an authenticated admin. The vulnerability could lead to session or token theft and a complete takeover of the admin account.
Because the injected script is stored and runs in the admin context, exploitation can result in session or token theft, full admin account takeover, and the execution of privileged actions on behalf of the admin, such as creating users or changing settings.
To reproduce this vulnerability, log in as an admin and navigate to the mail settings page. In the template editor, insert a payload, such as an image tag with an 'onerror' event, and save it. Once the payload is saved, any subsequent visit to the settings page will execute the injected JavaScript, demonstrating the cross-site scripting vulnerability.
Users are advised to update to Emlog version 2.5.22, where this vulnerability has been fixed.
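Until the update is applied, or to check whether a template was tampered with before it, the stored mail template can be audited for script-capable markup. The following is an added example, not Emlog's code and not part of the original advisory; it goes beyond the `onerror` case described above to cover other active elements and script URLs. It assumes the template has been exported as a string, and `audit_template`, `TemplateAuditor` and the sample template are hypothetical names and constructed data.

```python
from html.parser import HTMLParser

# Elements that run script or load active content; a mail template does not need them.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "math", "base", "form", "meta", "link"}
# Attributes that take a URL and can therefore carry a script scheme.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class TemplateAuditor(HTMLParser):
    """Collects (line, tag, reason) findings for markup that can execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased, values entity-decoded.
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, tag, "active element"))
        for name, value in attrs:
            # Browsers ignore whitespace and control characters around a scheme.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append((line, tag, f"event handler {name}"))
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append((line, tag, f"script URL in {name}"))


def audit_template(html_text):
    """Return findings for one stored template; an empty list means nothing flagged."""
    auditor = TemplateAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


# Constructed sample: a mail template carrying the image/onerror case from the advisory.
SAMPLE_TEMPLATE = """<div class="mail">
<h2>{{title}}</h2>
<p>Hello {{name}}, <a href="https://blog.example/post/1">read the reply</a>.</p>
<img src="x" onerror="alert(1)">
</div>"""

if __name__ == "__main__":
    for line, tag, reason in audit_template(SAMPLE_TEMPLATE):
        print(f"line {line}: <{tag}> {reason}")
```

A finding here means the stored value should be reviewed and reset; it does not replace the upgrade to 2.5.22.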