Stored XSS Vulnerability in Emlog Comment Module from Emlog
CVE-2026-34229

6.1MEDIUM

Key Information:

Vendor: Emlog
Status: Emlog
Vendor: CVE Published:; 3 April 2026

What is CVE-2026-34229?

Emlog, an open-source website building system, contains a stored cross-site scripting (XSS) vulnerability within its comment module. This vulnerability arises from a URI scheme validation bypass, allowing attackers to inject malicious scripts into web pages viewed by other users. Affected users should update to version 2.6.8 or later, where this issue has been addressed, to enhance their website's security and protect against potential exploitation.

Affected Version(s)

emlog < 2.6.8

References

https://github.com/emlog/emlog/security/advisories/GHSA-7...

x_refsource_CONFIRM

https://github.com/emlog/emlog/commit/a12ab1b1a273fe634ab...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34229 Data

JSON