Ghostwire

CVE-2026-46686: Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword...

HIGH CVSS 8.5 Exploit Available

Published: July 16, 2026 | Last Modified: July 16, 2026

Description

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected cross-site scripting in an administrator's backend session. No fixed version is currently identified.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References