PT-2024-23754 · Venugopal · Change Default Login Logo
Dimas Maulana · Published 2024-04-15 · Updated 2024-04-15
CVE-2024-31086
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Venugopal Change default login logo, url and title versions n/a through 2.0
Description
The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Cross-Site Scripting (XSS) in the Change default login logo, url and title feature.
Recommendations
If you run versions n/a through 2.0, update to a version that includes a fix for this issue. The available information provides no specific workaround.
Fix
CSRF
Affected Products
Change Default Login Logo