{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T23:37:49.118","vulnerabilities":[{"cve":{"id":"CVE-2025-53925","sourceIdentifier":"security-advisories@github.com","published":"2025-07-16T15:15:32.633","lastModified":"2025-08-14T20:38:06.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload an .svg file that contains JavaScript code that is later executed. As of time of publication, no known patched versions exist."},{"lang":"es","value":"Emlog es un sistema de creación de sitios web de código abierto. Una vulnerabilidad de cross-site scripting (XSS) en emlog, hasta la versión pro-2.5.17 incluida, permite a atacantes remotos autenticados inyectar código web o HTML arbitrario mediante la función de carga de archivos. Como usuario autenticado, es posible cargar un archivo .svg que contiene código JavaScript y que posteriormente se ejecuta. Al momento de la publicación, no se conocían versiones parcheadas."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*","versionEndIncluding":"2.5.17","matchCriteriaId":"1EFAF54A-ED0B-426F-9128-643A8184191F"}]}]}],"references":[{"url":"https://github.com/emlog/emlog/security/advisories/GHSA-x4wj-rhvg-hqr9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/emlog/emlog/security/advisories/GHSA-x4wj-rhvg-hqr9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}