CNNVD-202510-471 Information

CNNVD ID

CNNVD-202510-471

Related CVE

CVE-2025-60448

• CNNVD Published: 2025-10-03

Description (Chinese)

Emlog Pro是Emlog开源的一个博客系统。 Emlog Pro 2.5.19版本存在安全漏洞，该漏洞源于对SVG文件上传验证不足，可能导致存储型跨站脚本攻击。

Description (English)

Emlog Pro is a blog system open to Emlog. There is a security loophole in version Emlog Pro 2.5.19, which results from inadequate upload verification of SVG files and may lead to storage-type cross-site script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Emlog

Published

2025-10-03

Last Modified

2026-02-24

References

https://snowhy77.github.io/2025/08/21/SVG-File-Upload-XSS-Vulnerability-in-Emlog-Pro/

Patch

https://github.com/emlog/emlog/releases