14 matches found
WordPress Customize Login Image <3.5.3 - Cross-Site Scripting
WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scripting vulnerability via the custom logo link on the Settings page. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-33851 info: name: WordPress Customi...
CVE-2021-33851
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
CVE-2025-11470
A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System up to 1.0. The impacted element is an unknown function of the file /managewebsite.php. The manipulation of the argument websiteimage/backloginimage leads to unrestricted upload. The attack is possible t...
CVE-2025-11470
A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System up to 1.0. The impacted element is an unknown function of the file /managewebsite.php. The manipulation of the argument websiteimage/backloginimage leads to unrestricted upload. The attack is possible t...
CVE-2025-11470
A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System up to 1.0. The impacted element is an unknown function of the file /managewebsite.php. The manipulation of the argument websiteimage/backloginimage leads to unrestricted upload. The attack is possible t...
SourceCodester Hotel and Lodge Management System Code Issue Vulnerability
SourceCodester Hotel and Lodge Management System is a SourceCodester open source hotel and lodge management system. A code issue vulnerability exists in SourceCodester Hotel and Lodge Management System version 1.0 and earlier, which stems from incorrect manipulation of the parameter...
EUVD-2021-20525
Malware in sbrugna...
Hotel Booking System 1.0 Shell Upload
Title: Hotel Booking System 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
CVE-2021-33851
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
CVE-2021-33851
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress plugin is a WordPress open source application plugin. WordPress Customize Login Image Plugin version 3.4 contains a cross-site scripting vulnerability that can be exploited by attackers to cause arbitrary code (JavaScript) to run when a user's browser connects to a trusted website...
CVE-2021-33851
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
WordPress Customize Login Image plugin <= 3.5.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Cyber Security Works Pvt. Ltd in WordPress Customize Login Image plugin versions <= 3.5.2. Solution: Update the WordPress Customize Login Image plugin to the latest available version (at least 3.5.3)...
Nextcloud: Arbitrary File Upload in Logo & Log in image Theming setting.
Hi team, First, I think this vulnerability doesn't fall under your bug bounty program, but this is a bad design that should be fixed right now, because if an attacker gets admin access he can still upload a malicious file on the client server side. I saw that Logo & Log in image allows to upload other files type...