Vulnerabilities

CVE-2025-60448

by Fred · 03/10/2025

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed.

More information : https://snowhy77.github.io/2025/08/21/SVG-File-Upload-XSS-Vulnerability-in-Emlog-Pro/

Similar

Tags: Cybersecurity Alert