CVE-2025-60448

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.19

Description A stored Cross-Site Scripting (XSS) issue exists due to inadequate validation of SVG file uploads within the /admin/media.php component. This allows attackers to upload malicious SVG files containing JavaScript code. When these files are viewed, the embedded JavaScript code executes. The vulnerable component is the SVG file upload functionality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.