XSS in Emlog
CVE-2026-46686
Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value att…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Emlog — versions <= 2.6.13
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)