34 matches found
CVE-2026-24745
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading SVG files. Althou...
CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading SVG files. Althou...
CVE-2026-24745
InvoicePlane 1.7.0 is affected by a Stored XSS in the Upload Login Logo feature, where SVG uploads can inject script. Exploitation requires administrator privileges but can compromise application integrity and data via stored malicious scripts; CVSS 3.1 base score 5.7 (Medium). The issue is mitig...
InvoicePlane Cross-Site Scripting Vulnerability
InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability. This vulnerability stems from the login logo...
EUVD-2025-60954
The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclplsave functionality. This makes it possible for unauthenticated attackers to modify...
CVE-2025-12132
The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclplsave functionality. This makes it possible for unauthenticated attackers to modify...
CVE-2025-53245
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Afzal Multani WP Logo Changer (am-login-logo) allows Stored XSS. This issue affects WP Logo Changer: from n/a through <= 1.2...
EUVD-2025-38000
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Afzal Multani WP Logo Changer (am-login-logo) allows Stored XSS. This issue affects WP Logo Changer: from n/a through <= 1.2...
PT-2025-45221
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Afzal Multani WP Logo Changer (am-login-logo) allows Stored XSS. This issue affects WP Logo Changer: from n/a through <= 1.2...
EUVD-2024-36731
Malicious code in bioql PyPI...
EUVD-2025-8353
Malicious code in bioql PyPI...
EUVD-2024-28997
Malicious code in bioql PyPI...
CVE-2024-37523
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AMP-MODE Login Logo Editor allows Stored XSS. This issue affects Login Logo Editor: from n/a through 1.3.3...
CVE-2025-30822
Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo (ideal-wp-login-logo-changer) allows Cross Site Request Forgery. This issue affects Custom Login Logo: from n/a through <= 1.1.7...
WordPress Custom Login Logo Plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Custom Login Logo versions <= 1.1.7...
CVE-2025-30822 WordPress Custom Login Logo Plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo (ideal-wp-login-logo-changer) allows Cross Site Request Forgery. This issue affects Custom Login Logo: from n/a through <= 1.1.7...
CVE-2025-30822
CVE-2025-30822 describes a Cross-Site Request Forgery in the WordPress plugin Custom Login Logo, affecting versions up to 1.1.7. The CVSS v3.1 base score is 4.3 (Medium) with UI: Required, no privileges, network attack vector. The Connected Documents do not provide explicit exploitation details or a conf...