PT-2025-21366 · Emlog · Emlog

Jilaqi2333 · Published 2025-05-15 · Updated 2025-05-15 · CVE-2025-47786

CVSS v4.0: 4.8 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Emlog version 2.5.13
Description: Emlog is an open source website building system affected by a stored cross-site scripting issue. Any registered user can store malicious JavaScript that is delivered to other website users, who are induced to click on it. The affected endpoint is /admin/comment.php, where the perpage num parameter is not validated and is written directly to the database. The stored value is later output without filtering, so the malicious code is emitted into the page unchanged.
Recommendations: For Emlog version 2.5.13, as a temporary workaround, validate and filter the perpage num parameter in the /admin/comment.php endpoint so that stored values cannot carry executable code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
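The following is an added example, not Emlog's own code, illustrating the two-sided fix the recommendation calls for: a pagination setting is validated as a bounded integer before it is stored, and the stored value is HTML-escaped when it is rendered. The function names, the settings array and the HTML fragment are hypothetical stand-ins for the real endpoint; the input payload is constructed for the demonstration.

```php
<?php
// Added example (not Emlog's code). Function names, the $settings store
// and the rendered fragment are hypothetical stand-ins for /admin/comment.php.

// Pattern the advisory describes: the raw request value is stored as-is
// and later echoed without escaping, so whatever was stored reaches the page.
function store_perpage_vulnerable(array $request, array &$settings): void {
    $settings['perpage'] = $request['perpage'];   // no validation
}
function render_perpage_vulnerable(array $settings): string {
    return '<input name="perpage" value="' . $settings['perpage'] . '">'; // no escaping
}

// Hardened version: a per-page count can only ever be a small positive
// integer, so reject anything else at input time, and escape at output
// time regardless of what the database happens to hold.
const PERPAGE_MIN     = 1;
const PERPAGE_MAX     = 100;
const PERPAGE_DEFAULT = 10;

function sanitize_perpage($raw): int {
    // FILTER_VALIDATE_INT rejects non-numeric strings and enforces the range;
    // fall back to a known-good default rather than storing a bad value.
    $v = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => PERPAGE_MIN, 'max_range' => PERPAGE_MAX],
    ]);
    return $v === false ? PERPAGE_DEFAULT : $v;
}

function store_perpage_hardened(array $request, array &$settings): void {
    $settings['perpage'] = sanitize_perpage($request['perpage'] ?? null);
}

function render_perpage_hardened(array $settings): string {
    // Output encoding is the second, independent layer: even a value that
    // bypassed validation (or was stored before the fix) is rendered inert.
    $safe = htmlspecialchars((string) $settings['perpage'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input name="perpage" value="' . $safe . '">';
}

// Demonstration with a constructed, non-numeric request value.
$request  = ['perpage' => '"><script>alert(1)</script>'];
$settings = [];

store_perpage_vulnerable($request, $settings);
echo render_perpage_vulnerable($settings), "\n";   // attribute is broken out of

store_perpage_hardened($request, $settings);
echo render_perpage_hardened($settings), "\n";     // value="10": input was rejected

// Defence in depth: a bad value already sitting in storage is still escaped.
$settings['perpage'] = $request['perpage'];
echo render_perpage_hardened($settings), "\n";     // quotes and brackets are entity-encoded
```

Input validation alone would leave records stored before the fix exploitable, and output encoding alone would let non-integer junk persist in the settings table; applying both closes the stored XSS and keeps the setting semantically valid.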

Exploit: XSS

Weakness Enumeration

Related Identifiers: CVE-2025-47786, GHSA-82QC-9VG7-2C6C

Affected Products: Emlog