CVE-2026-21431
Unknown Unknown - Not Provided
Stored XSS in Emlog 2.5.23 Media Library Allows Persistent Injection

Publication date: 2026-01-02

Last updated on: 2026-01-02

Assigner: GitHub, Inc.

Description
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library ` function while publishing an article. As of time of publication, no known patched versions are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-02
Last Modified
2026-01-02
Generated
2026-06-16
AI Q&A
2026-01-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-21431
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
emlog emlog to 2.5.23 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-21431 is a stored Cross-Site Scripting (XSS) vulnerability in the Resource media library function of emlog version 2.5.23. An attacker can upload an image file with a maliciously crafted filename containing JavaScript code. When an administrator later publishes an article and interacts with this image in the media library, the embedded script executes in the administrator's browser, potentially stealing cookies and enabling session hijacking or other malicious actions. [1]

Impact Analysis

This vulnerability can lead to the theft of administrator cookies, which may allow attackers to hijack administrator sessions. This can result in unauthorized access to the website's administrative functions, potentially leading to further compromise of the website, data manipulation, or other malicious activities. [1]

Detection Guidance

This vulnerability can be detected by inspecting uploaded image filenames in the Resource media library for suspicious patterns that include embedded JavaScript code, such as filenames containing sequences like `><img src=1 onerror=alert(document.cookie)>.jpg`. There are no specific commands provided, but searching the media library upload directory or database for filenames matching patterns with HTML tags or JavaScript event handlers could help identify potential exploit attempts. [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the Resource media library to select or hover over uploaded images with untrusted filenames, restricting upload permissions to trusted users only, and sanitizing or validating filenames of uploaded media to prevent inclusion of malicious scripts. Since no patched versions are available, administrators should exercise caution when publishing articles using the media library and consider removing or renaming suspicious files. [1]

Compliance Impact

The vulnerability allows theft of administrator cookies through stored cross-site scripting, potentially leading to session hijacking and unauthorized access. Such unauthorized access and data exposure could result in non-compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data. However, no specific compliance impact is detailed in the provided resources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21431. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart