{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53924", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-14T17:23:35.258Z", "datePublished": "2025-07-16T13:55:57.980Z", "dateUpdated": "2025-07-18T14:52:56.399Z"}, "containers": {"cna": {"title": "Emlog vulnerable to stored Cross-site Scripting in links functionality", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/emlog/emlog/security/advisories/GHSA-6rmq-5rjf-3fmx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/emlog/emlog/security/advisories/GHSA-6rmq-5rjf-3fmx"}], "affected": [{"vendor": "emlog", "product": "emlog", "versions": [{"version": "<= pro-2.5.17", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-16T14:20:59.773Z"}, "descriptions": [{"lang": "en", "value": "Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter resulting in Stored XSS. When someone clicks on the link the malicious code is executed. As of time of publication, no known patched versions exist."}], "source": {"advisory": "GHSA-6rmq-5rjf-3fmx", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-6rmq-5rjf-3fmx", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-18T14:52:53.850119Z", "id": "CVE-2025-53924", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:52:56.399Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53924", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-18T14:52:53.850119Z"}}}], "references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-6rmq-5rjf-3fmx", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:52:47.881Z"}}], "cna": {"title": "Emlog vulnerable to stored Cross-site Scripting in links functionality", "source": {"advisory": "GHSA-6rmq-5rjf-3fmx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "emlog", "product": "emlog", "versions": [{"status": "affected", "version": "<= pro-2.5.17"}]}], "references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-6rmq-5rjf-3fmx", "name": "https://github.com/emlog/emlog/security/advisories/GHSA-6rmq-5rjf-3fmx", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter resulting in Stored XSS. When someone clicks on the link the malicious code is executed. As of time of publication, no known patched versions exist."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-16T14:20:59.773Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53924", "state": "PUBLISHED", "dateUpdated": "2025-07-18T14:52:56.399Z", "dateReserved": "2025-07-14T17:23:35.258Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-16T13:55:57.980Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*", "matchCriteriaId": "1EFAF54A-ED0B-426F-9128-643A8184191F", "versionEndIncluding": "2.5.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter resulting in Stored XSS. When someone clicks on the link the malicious code is executed. As of time of publication, no known patched versions exist."}, {"lang": "es", "value": "Emlog es un sistema de c\u00f3digo abierto para la creaci\u00f3n de sitios web. Una vulnerabilidad de cross-site scripting (XSS) en emlog, hasta la versi\u00f3n pro-2.5.17 incluida, permite a atacantes remotos autenticados inyectar c\u00f3digo web o HTML arbitrario mediante el par\u00e1metro siteurl. Es posible inyectar c\u00f3digo malicioso en el par\u00e1metro siteurl, lo que resulta en XSS almacenado. Al hacer clic en el enlace, se ejecuta el c\u00f3digo malicioso. Al momento de la publicaci\u00f3n, no se conocen versiones parcheadas."}], "id": "CVE-2025-53924", "lastModified": "2025-07-18T15:15:28.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 4.7, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-07-16T14:15:28.700", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/emlog/emlog/security/advisories/GHSA-6rmq-5rjf-3fmx"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/emlog/emlog/security/advisories/GHSA-6rmq-5rjf-3fmx"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}

{}