PT-2025-40911 · Emlog · Emlog
Huu1J · Published 2025-10-06 · Updated 2025-10-09 · CVE-2025-61769
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Emlog versions up to and including 2.5.22
Description
A cross-site scripting (XSS) issue exists in Emlog that may allow authenticated remote attackers to inject arbitrary web script or HTML. The vector is the file upload functionality: a malicious .svg file containing JavaScript code is uploaded, and that code is then executed. The issue is addressed by commit 052f9c4226b2c0014bcd857fec47677340b185b1.
Recommendations
Update to a version later than 2.5.22.
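As an added example (not Emlog's code and not the fix in the commit above), the following is a conservative upload-time check that rejects SVG files carrying active content, the kind of upload this advisory describes. The function name `svg_findings`, the element allowlist and the sample inputs are assumptions constructed for illustration, and the check is independent of Emlog's code base.

```python
import xml.parsers.expat

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Constructed allowlist of static drawing elements; extend it for your content.
ALLOWED = {"svg", "g", "defs", "title", "desc", "path", "rect", "circle",
           "ellipse", "line", "polyline", "polygon", "text", "tspan", "use",
           "symbol", "linearGradient", "radialGradient", "stop", "clipPath",
           "mask", "pattern", "style"}

def svg_findings(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded SVG; an empty list means accept."""
    findings = []
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def start(name, attrs):
        # With namespace processing, names arrive as "namespace-uri localname".
        ns, _, local = name.rpartition(" ")
        if ns != SVG_NS or local not in ALLOWED:
            findings.append(f"element not allowed: {local}")
        for key, value in attrs.items():
            attr_ns, _, attr = key.rpartition(" ")
            if attr.lower().startswith("on"):
                findings.append(f"event handler attribute: {attr}")
            elif attr == "href" and attr_ns in ("", XLINK_NS):
                if not value.strip().startswith("#"):
                    findings.append("href is not a same-document fragment")

    def doctype(*_):
        raise ValueError("DOCTYPE declaration")  # abort: entities are declared here

    def instruction(target, _data):
        findings.append(f"processing instruction: {target}")

    parser.StartElementHandler = start
    parser.StartDoctypeDeclHandler = doctype
    parser.ProcessingInstructionHandler = instruction
    try:
        parser.Parse(data, True)
    except (xml.parsers.expat.ExpatError, ValueError) as exc:
        findings.append(f"rejected by parser: {exc}")  # fail closed
    return findings

# Constructed sample uploads, not taken from the advisory.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
          b'<script>/* placeholder */</script></svg>')

if __name__ == "__main__":
    print(svg_findings(CLEAN))
    print(svg_findings(ACTIVE))
```

A check like this works best alongside serving user uploads with `Content-Disposition: attachment` or from a separate origin, so that an SVG that slips through is not rendered in the site's own origin.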
Affected Products
Emlog