CNNVD-202510-535 Information

CNNVD ID

CNNVD-202510-535

Related CVE

CVE-2025-61599

• CNNVD Published: 2025-10-03

Description (Chinese)

Emlog Pro是Emlog开源的一个博客系统。 Emlog Pro 2.5.21及之前版本存在跨站脚本漏洞，该漏洞源于Twitter功能未正确验证输入，可能导致存储型跨站脚本攻击。

Description (English)

Emlog Pro is a blog system open to Emlog. Emlog Pro 2.5.21 and previous versions had a cross-site script loophole, which stemmed from the incorrect validation of input by the Twitter function and could lead to a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Emlog

Published

2025-10-03

Last Modified

2026-02-24

References

https://github.com/emlog/emlog/security/advisories/GHSA-rm5c-mjpg-vm89

Patch

https://github.com/emlog/emlog/releases