Main Vulnerability Database Vulnerabilities #VU125573

#VU125573 Cross-site scripting in Emlog Pro

Published: April 9, 2026 / Updated: April 10, 2026

Vulnerability identifier: #VU125573

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Emlog Pro

Software vendor:
Emlog

Description

The vulnerability allows a remote attacker to execute arbitrary script code in the administrator's browser.

The vulnerability exists due to cross-site scripting and missing request validation in link management when handling a forged request that creates a crafted link entry and later rendering the icon field. A remote attacker can submit a specially crafted request to execute arbitrary script code in the administrator's browser.

Exploitation requires an administrator to be logged in and to open the link management page after the crafted entry has been created.

Remediation

Install security update from vendor's website.

External links

https://github.com/emlog/emlog/security/advisories/GHSA-pwhm-5qv9-2mw4

#VU125573 Cross-site scripting in Emlog Pro

Description

Remediation

External links

Please verify you're human