Wuhaozhe

**Name of the Vulnerable Software and Affected Versions** Emlog Pro version 2.1.14 **Description** A reflective cross-site scripting (XSS) issue was discovered in Emlog Pro. The vulnerability is exploited via the `/admin/article.php?active savedraft` component. This allows for potential XSS attacks. **Recommendations** For Emlog Pro version 2.1.14, consider disabling access to the `/admin/article.php?active savedraft` component until a patch is available. Restricting user input in this component can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emlog version pro2.1.14 **Description** A SQL injection issue was discovered via the `uid` parameter at the "/admin/media.php" API endpoint. This allows for potential exploitation. **Recommendations** For Emlog version pro2.1.14, consider restricting access to the "/admin/media.php" endpoint until a patch is available, and avoid using the `uid` parameter in this endpoint to minimize the risk of exploitation.