Emlog · Emlog · CVE-2025-47786
Name of the Vulnerable Software and Affected Versions:
Emlog version 2.5.13
Description:
Emlog is an open source website building system that contains a stored cross-site scripting vulnerability. Any registered user can inject malicious JavaScript that is then served to all website users. The `/admin/comment.php` endpoint is affected: the `perpage num` parameter is not validated and is stored directly in the database, and because the output is not filtered either, the stored value is emitted into the page verbatim, so any script it contains is executed in the browser.
Recommendations:
For Emlog version 2.5.13, as a temporary workaround, consider validating and filtering the `perpage num` parameter in the `/admin/comment.php` endpoint to prevent malicious code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
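The weak pattern from the description beside a hardened form of the workaround above, as an added example that is not Emlog's own code: the request field name `perpage_num`, the settings array and the function names are assumptions, and the hardened path both rejects non-integer input on the way in and HTML-encodes the value on the way out.

```php
<?php
// Added example, not Emlog's code. "perpage_num", $settings and the function
// names are hypothetical; the real endpoint may store and render differently.

// Weak pattern described in the advisory: the submitted value is persisted
// as-is and later echoed without encoding, so whatever a registered user
// submits reaches every viewer's browser verbatim.
function store_perpage_unvalidated(array $request, array &$settings): void {
    $settings['perpage_num'] = $request['perpage_num'] ?? '';
}

function render_perpage_unescaped(array $settings): string {
    return '<input name="perpage_num" value="' . ($settings['perpage_num'] ?? '') . '">';
}

// Hardened input side: a per-page count can only ever be a bounded positive
// integer, so anything else is refused instead of being written to the database.
function store_perpage_validated(array $request, array &$settings): bool {
    $value = filter_var(
        $request['perpage_num'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 200]]
    );
    if ($value === false) {
        return false;
    }
    $settings['perpage_num'] = $value;
    return true;
}

// Hardened output side: encode regardless of what was stored, because the
// database is not a trust boundary (older rows may already hold bad data).
function render_perpage_escaped(array $settings): string {
    $value = htmlspecialchars((string)($settings['perpage_num'] ?? '10'), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input name="perpage_num" value="' . $value . '">';
}

// Constructed demonstration input: a non-numeric string carrying markup.
$settings = [];
$accepted = store_perpage_validated(['perpage_num' => '<b>ten</b>'], $settings);
echo $accepted ? "stored\n" : "rejected: not a positive integer\n";   // rejected

// Even if such a value had been stored by the weak path, encoding on output
// turns the markup into inert text instead of live HTML.
store_perpage_unvalidated(['perpage_num' => '<b>ten</b>'], $settings);
echo render_perpage_escaped($settings), "\n";   // value="&lt;b&gt;ten&lt;/b&gt;"
```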