CVE-2025-53925

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53925

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53925.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53925

Aliases

GHSA-x4wj-rhvg-hqr9

Published

2025-07-16T14:21:42.272Z

Modified

2026-04-10T05:31:01.147738Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Emlog has Stored Cross-site Scripting vulnerability in file upload functionality

Details

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload an .svg file that contains JavaScript code that is later executed. As of time of publication, no known patched versions exist.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53925.json"
}

References

Affected packages

Git / github.com/emlog/emlog

Affected ranges

Type

GIT

Repo

https://github.com/emlog/emlog

Events

Introduced

Last affected

242d26c7866c6d66b589fff88e8885a401286f42

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "pro-2.5.17"
        }
    ]
}

Affected versions

5.*

5.3.1

6.*

6.0.0

6.1.0

Other

pro-test-01

pro-test-02

emlog_5.*

emlog_5.1.2

emlog_5.2.0

emlog_5.2.1

emlog_5.3.0

pro-1.*

pro-1.0.1

pro-1.0.2

pro-1.0.3

pro-1.0.4

pro-1.0.5

pro-1.0.6

pro-1.0.7

pro-1.0.8

pro-1.1.0

pro-1.1.1

pro-1.2.0

pro-1.2.1

pro-1.2.2

pro-1.3.0

pro-1.3.1

pro-1.4.0

pro-1.5.0

pro-1.5.0.new

pro-1.5.1

pro-1.6.0

pro-1.7.0

pro-1.7.1

pro-1.8.0

pro-1.9.0

pro-1.9.1

pro-1.9.2

pro-1.9.3

pro-2.*

pro-2.0.0

pro-2.0.1

pro-2.0.2

pro-2.0.3

pro-2.1.0

pro-2.1.1

pro-2.1.10

pro-2.1.11

pro-2.1.12

pro-2.1.13

pro-2.1.14

pro-2.1.15

pro-2.1.2

pro-2.1.3

pro-2.1.4

pro-2.1.5

pro-2.1.6

pro-2.1.7

pro-2.1.8

pro-2.1.9

pro-2.2.0

pro-2.2.1

pro-2.2.10

pro-2.2.11

pro-2.2.2

pro-2.2.3

pro-2.2.4

pro-2.2.5

pro-2.2.6

pro-2.2.7

pro-2.2.8

pro-2.2.9

pro-2.3.0

pro-2.3.1

pro-2.3.10

pro-2.3.11

pro-2.3.12

pro-2.3.13

pro-2.3.14

pro-2.3.15

pro-2.3.16

pro-2.3.17

pro-2.3.18

pro-2.3.2

pro-2.3.4

pro-2.3.5

pro-2.3.6

pro-2.3.7

pro-2.3.8

pro-2.3.9

pro-2.4.0

pro-2.4.1

pro-2.4.2

pro-2.4.3

pro-2.5.1

pro-2.5.10

pro-2.5.11

pro-2.5.12

pro-2.5.13

pro-2.5.14

pro-2.5.15

pro-2.5.16

pro-2.5.17

pro-2.5.2

pro-2.5.3

pro-2.5.4

pro-2.5.5

pro-2.5.6

pro-2.5.7

pro-2.5.8

pro-2.5.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53925.json"