PT-2025-40525 · Emlog Pro · Emlog Pro

Snowhy77 · Published 2025-10-03 · Updated 2025-10-03 · CVE-2025-60447

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Emlog Pro version 2.5.19

Description

A stored Cross-Site Scripting (XSS) issue has been identified in the email template configuration component at the /admin/setting.php?action=mail API endpoint. HTML code entered by administrators is not validated or properly sanitized, which enables the injection of malicious scripts and results in persistent JavaScript execution.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-60447

Affected Products

Emlog Pro