CVE-2025-60447
03.10.2025, 14:15
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to persistent JavaScript execution.
Awaiting analysis
This vulnerability is currently awaiting analysis.