CVE-2020-18194

Name of the Vulnerable Software and Affected Versions: emlog version 6.0.0

Description: The issue allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post, which is a form of Cross Site Scripting (XSS). This enables attackers to potentially inject malicious scripts into the application.

Recommendations: For emlog version 6.0.0, update to a newer version that contains a fix for this issue to prevent remote attackers from executing arbitrary code. As a temporary workaround, consider restricting the ability to add links to new blog posts or disabling the feature to add scripts as links until a patch is available.