Cross-Site Scripting Vulnerability in Emlog Website Building System
CVE-2025-61769

2.1LOW

Key Information:

Vendor: Emlog
Status: Emlog
Vendor: CVE Published:; 6 October 2025

What is CVE-2025-61769?

The Emlog website building system has a Cross-Site Scripting (XSS) vulnerability that affects versions up to and including 2.5.22. This security issue arises from the file upload functionality, where authenticated users can upload .svg files containing JavaScript code. If successfully uploaded, the malicious script may be executed in the context of other users, potentially leading to unauthorized actions and data exposure. The issue has been addressed in a recent commit that ensures improved validation and sanitization of uploaded files.

Affected Version(s)

emlog <= 2.5.22

References

https://github.com/emlog/emlog/security/advisories/GHSA-r...

x_refsource_CONFIRM

https://github.com/emlog/emlog/commit/052f9c4226b2c0014bc...

x_refsource_MISC

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Sep 30, 2025

JSON