CVE-2025-61599 🟡 Medium

CVE-2025-61599: Stored XSS in Emlog Pro

A stored XSS vulnerability exists in Emlog Pro 2.5.21 and below. Authenticated users can post malicious scripts that execute in any user's browser.

CVE ID: CVE-2025-61599

CVSS Score: 5.4

Vendor: emlog pro

Published: Oct 03

Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the 'Twitter' feature of Emlog Pro 2.5.21 and below. An authenticated user with privileges to post a 'Twitter' message can inject arbitrary JavaScript code. The malicious script is stored on the server and gets executed in the browser of any user, including administrators, when they click on the malicious post to view it. This issue does not currently have a fix.

Vulnerability Details

CVE ID: CVE-2025-61599
Severity: Medium
CVSS v3 Score: 5.4 / 10.0
Affected Vendor: emlog pro
Publication Date: October 03, 2025
