CVE-2026-21432
Stored XSS in Emlog 2.5.23 Enables Admin Account Takeover
Publication date: 2026-01-02
Last updated on: 2026-01-02
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| emlog | emlog | 2.5.23 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-21432 is a stored Cross-Site Scripting (XSS) vulnerability in emlog version pro-2.5.23, specifically in the admin comment management page (/admin/comment.php). An attacker with any user role can submit a comment containing malicious XSS code. When an administrator views or interacts with this comment, the malicious code executes, potentially affecting multiple users if the comment is accepted. This can lead to account takeover, including administrator accounts. No patched versions are currently available. [1]
How can this vulnerability impact me? :
This vulnerability can lead to account takeover of users, including administrators, by executing malicious scripts when administrators interact with malicious comments. This compromises the security and control of the website, potentially allowing attackers to gain unauthorized access and control over user accounts and administrative functions. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the /admin/comment.php page for comments containing suspicious or malicious XSS payloads submitted by any user role. Since the vulnerability triggers when an administrator views or interacts with such comments, inspecting the comments database or web requests for scripts or unusual payloads in comment content is advisable. Specific commands are not provided in the resources, but manual review or use of web application security scanners targeting stored XSS in comment fields on the admin comment management page can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /admin/comment.php page to trusted administrators only, avoiding interaction (such as hovering or clicking reply) with untrusted comments, and monitoring for suspicious comments submitted by any user role. Since no patched versions are available, consider implementing web application firewall (WAF) rules to block or sanitize malicious scripts in comments. Additionally, review and harden user roles and permissions to limit who can post comments. Regular backups and monitoring for unusual account activity are also recommended. [1]