XSS in Emlog

CVE-2026-46686

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value att…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

  • Emlog — versions <= 2.6.13

Weakness classification (CWE)

References