Home > Vulnerability Database > CVE-2025-61597

Mend.io Vulnerability Database

CVE-2025-61597

Good to know:

Date: October 3, 2025

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting (XSS) via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will execute attacker‑controlled JavaScript, enabling session/token theft and full admin account takeover. This issue is fixed in version 2.5.22.

Severity Score

7.6

Related Resources (4)

Url: https://github.com/emlog/emlog/security/advisories/GHSA-hj97-hp2c-6m4m

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61597

Url: https://github.com/emlog/emlog/pull/179

Url: https://www.mend.io/vulnerability-database/CVE-2025-61597

Severity Score

7.6

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61597

Good to know:

Date: October 3, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?