H4Ll0T

**Name of the Vulnerable Software and Affected Versions** Emlog Pro versions 2.5.21 and below **Description** A stored Cross-Site Scripting (XSS) issue exists in the "Twitter" feature. An authenticated user with posting privileges can inject arbitrary JavaScript code. The malicious script is stored on the server and executed in the browser of any user who views the malicious post, including administrators. The vulnerable component is the functionality related to posting "Twitter" messages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.