Name of the Vulnerable Software and Affected Versions:

Emlog versions through 2.5.17

Description:

Emlog is a website building system susceptible to a cross-site scripting (XSS) issue. Insufficient sanitization of the `keyword` parameter allows remote attackers to inject arbitrary web scripts or HTML. Successful exploitation requires a user to click a specially crafted link, enabling the execution of JavaScript code in the administrator's browser.

Recommendations:

Versions prior to 2.5.17 are affected.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.