Security Advisory

CVE-2025-60448

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-03 00:00:00

Last updated 2025-10-03 15:48:57

Assigner mitre

State PUBLISHED

Description

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed.

← Browse all CVEs View on cve.org ↗