CVE-2026-46686
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Jul 16, 2026
Vendor
unknown
Description
Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected cross-site scripting in an administrator's backend session. No fixed version is currently identified.