Vulnerability Details CVE-2025-60447
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to persistent JavaScript execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.9%
CVSS Severity
CVSS v3 Score 5.9
References