๐Ÿ” CVE Alert

CVE-2026-46686

UNKNOWN 0.0

Emlog Reflected Cross-Site Scripting

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected cross-site scripting in an administrator's backend session. No fixed version is currently identified.

CWE CWE-79
Vendor emlog
Product emlog
Published Jul 16, 2026
Last Updated Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for emlog emlog

Be the first to know when new unknown vulnerabilities affecting emlog emlog are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

emlog / emlog
<= 2.6.13

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/emlog/emlog/security/advisories/GHSA-3h87-c3m2-jpj9