Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for customize_login_image by apasionados

    CVE-2021-33851 (GCVE-0-2021-33851)

    Vulnerability from nvd – Published: 2022-03-09 16:54 – Updated: 2024-08-04 00:05
    VLAI
    Summary
    A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.
    Severity
    No CVSS data available.
    CWE
    Assigner
    CSW
    References
    Impacted products
    Vendor Product Version
    n/a WordPress Customize Login Image Plugin Affected: Version 3.4
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:05:51.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WordPress Customize Login Image Plugin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u0027s browser and can use an application as the vehicle for the attack. The XSS payload given in the \"Custom logo link\" executes whenever the user opens the Settings Page of the \"Customize Login Image\" Plugin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-11T17:54:07.000Z",
            "orgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
            "shortName": "CSW"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "disclose@cybersecurityworks.com",
              "ID": "CVE-2021-33851",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WordPress Customize Login Image Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u0027s browser and can use an application as the vehicle for the attack. The XSS payload given in the \"Custom logo link\" executes whenever the user opens the Settings Page of the \"Customize Login Image\" Plugin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html",
                  "refsource": "MISC",
                  "url": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
        "assignerShortName": "CSW",
        "cveId": "CVE-2021-33851",
        "datePublished": "2022-03-09T16:54:38.000Z",
        "dateReserved": "2021-06-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:05:51.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33851 (GCVE-0-2021-33851)

    Vulnerability from cvelistv5 – Published: 2022-03-09 16:54 – Updated: 2024-08-04 00:05
    VLAI
    Summary
    A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.
    Severity
    No CVSS data available.
    CWE
    Assigner
    CSW
    References
    Impacted products
    Vendor Product Version
    n/a WordPress Customize Login Image Plugin Affected: Version 3.4
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:05:51.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WordPress Customize Login Image Plugin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u0027s browser and can use an application as the vehicle for the attack. The XSS payload given in the \"Custom logo link\" executes whenever the user opens the Settings Page of the \"Customize Login Image\" Plugin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-11T17:54:07.000Z",
            "orgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
            "shortName": "CSW"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "disclose@cybersecurityworks.com",
              "ID": "CVE-2021-33851",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WordPress Customize Login Image Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 3.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u0027s browser and can use an application as the vehicle for the attack. The XSS payload given in the \"Custom logo link\" executes whenever the user opens the Settings Page of the \"Customize Login Image\" Plugin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html",
                  "refsource": "MISC",
                  "url": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
        "assignerShortName": "CSW",
        "cveId": "CVE-2021-33851",
        "datePublished": "2022-03-09T16:54:38.000Z",
        "dateReserved": "2021-06-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:05:51.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }