CVE-2026-21432

Medium CVSS: 6.8

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available.

Vendor

Emlog

Product

Emlog

CWE

CWE-79

Yayın Tarihi

2026-01-02 19:15:48

Güncelleme

2026-01-16 17:13:09

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Emlog MEDIUM Emlog 2026

Referanslar

https://github.com/emlog/emlog/security/advisories/GHSA-4rxf-mjqx-c464

Benzer Kayıtlar

Unknown

CVE-2026-31954

Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lac…

Critical

CVE-2026-22799

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-a…

High

CVE-2026-21433

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-o…

High

CVE-2026-21430

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cros…

Low

CVE-2026-21431

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `…

Medium

CVE-2026-21429

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable…