CVE-2025-61599

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-61599

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61599.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-61599

Aliases

GHSA-rm5c-mjpg-vm89

Published

2025-10-03T06:27:46.228Z

Modified

2026-04-10T05:32:38.581218Z

Severity

5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input

Details

Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on the server and gets executed in the browser of any user, including administrators, when they click on the malicious post to view it. This issue does not currently have a fix.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61599.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/emlog/emlog

Affected ranges

Type

GIT

Repo

https://github.com/emlog/emlog

Events

Introduced

Last affected

df62cfd2ffa28a29af3442ba8c942ee7ab581f98

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.21"
        }
    ]
}

Affected versions

5.*

5.3.1

6.*

6.0.0

6.1.0

Other

pro-test-01

pro-test-02

emlog_5.*

emlog_5.1.2

emlog_5.2.0

emlog_5.2.1

emlog_5.3.0

pro-1.*

pro-1.0.0

pro-1.0.1

pro-1.0.2

pro-1.0.3

pro-1.0.4

pro-1.0.5

pro-1.0.6

pro-1.0.7

pro-1.0.8

pro-1.1.0

pro-1.1.1

pro-1.2.0

pro-1.2.1

pro-1.2.2

pro-1.3.0

pro-1.3.1

pro-1.4.0

pro-1.5.0

pro-1.5.0.new

pro-1.5.1

pro-1.6.0

pro-1.7.0

pro-1.7.1

pro-1.8.0

pro-1.9.0

pro-1.9.1

pro-1.9.2

pro-1.9.3

pro-2.*

pro-2.0.0

pro-2.0.1

pro-2.0.2

pro-2.0.3

pro-2.1.0

pro-2.1.1

pro-2.1.10

pro-2.1.11

pro-2.1.12

pro-2.1.13

pro-2.1.14

pro-2.1.15

pro-2.1.2

pro-2.1.3

pro-2.1.4

pro-2.1.5

pro-2.1.6

pro-2.1.7

pro-2.1.8

pro-2.1.9

pro-2.2.0

pro-2.2.1

pro-2.2.10

pro-2.2.11

pro-2.2.2

pro-2.2.3

pro-2.2.4

pro-2.2.5

pro-2.2.6

pro-2.2.7

pro-2.2.8

pro-2.2.9

pro-2.3.0

pro-2.3.1

pro-2.3.10

pro-2.3.11

pro-2.3.12

pro-2.3.13

pro-2.3.14

pro-2.3.15

pro-2.3.16

pro-2.3.17

pro-2.3.18

pro-2.3.2

pro-2.3.4

pro-2.3.5

pro-2.3.6

pro-2.3.7

pro-2.3.8

pro-2.3.9

pro-2.4.0

pro-2.4.1

pro-2.4.2

pro-2.4.3

pro-2.5.1

pro-2.5.10

pro-2.5.11

pro-2.5.12

pro-2.5.13

pro-2.5.14

pro-2.5.15

pro-2.5.16

pro-2.5.17

pro-2.5.18

pro-2.5.19

pro-2.5.2

pro-2.5.20

pro-2.5.21

pro-2.5.3

pro-2.5.4

pro-2.5.5

pro-2.5.6

pro-2.5.7

pro-2.5.8

pro-2.5.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61599.json"