29 matches found
CVE-2026-2499
The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2026-2499
The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2026-2499
The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2026-2499 Custom Logo <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting
The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2026-2499
CVE-2026-2499 affects the WordPress Custom Logo plugin (
PT-2026-22095
The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
WordPress plugin Custom Logo 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Custom Logo plugin <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Logo Path Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom Logo versions = 2.2...
PT-2026-5899
Name of the Vulnerable Software and Affected Versions Apple Vision Pro affected versions not specified Description The issue appears to be a security flaw in vision-related technology, potentially affecting Apple Vision Pro. While no public jailbreak currently exists for iOS 26.0 as of February...
CVE-2023-40932
A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...
EUVD-2019-5235
Malware in sbrugna...
CVE-2022-24343
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions...
PT-2025-17250 · WordPress · The Login Manager – Design Login Page
Name of the Vulnerable Software and Affected Versions: The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is related to Stored Cross-Site Scripting via Custom logo and background URLs du...
Cross site scripting
A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...
Nagios XI Cross-Site Scripting Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A cross-site scripting vulnerability exists in Nagios XI 5.11.1 and earlier versions, which originates fro...
PT-2023-5504 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions 5.11.1 and below Description: A Cross-site scripting XSS vulnerability in the Custom Logo component allows authenticated attackers to inject arbitrary javascript or HTML via the alt-text field. This affects all pages...
CVE-2021-33851
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
CVE-2021-33851
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
CVE-2021-33851
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
JetBrains YouTrack Elevation of Privilege Vulnerability (CNVD-2022-20141)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software features error tracking, creating workflows and monitoring project progress.An elevation of privilege vulnerability exists in versions prior to JetBrains YouTrack...