Name of the Vulnerable Software and Affected Versions:

Emlog versions up to and including 2.5.17

Description:

Emlog is an open source website building system susceptible to a cross-site scripting (XSS) issue. A malicious actor with authentication can inject arbitrary web script or HTML via the `siteurl` parameter, leading to Stored XSS. Clicking a link containing the malicious code results in its execution.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.