CVE-2026-46686
Emlog Reflected Cross-Site Scripting
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected cross-site scripting in an administrator's backend session. No fixed version is currently identified.
| CWE | CWE-79 |
| Vendor | emlog |
| Product | emlog |
| Published | Jul 16, 2026 |
| Last Updated | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for emlog emlog
Be the first to know when new unknown vulnerabilities affecting emlog emlog are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
emlog / emlog
<= 2.6.13