cvedb.io
CVE-2021-33851
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2022-03-10T17:42:36.047 · Last modified 2026-06-17T03:55:19.090

Summary

A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.

Affected products

apasionados — customize_login_image

Does this affect you?

Add your gear to cvedb and we'll alert you only when apasionados ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.