What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Logo Slider , Logo Carousel , Logo showcase , Client Logo tc-logo-slider allows Stored XSS.This issue affects Logo Slider , Logo Carousel , Logo showcase , Client Logo: from n/a through <= 1.8.1.
Explanation of Vulnerability in Simple Terms
02Summary
A cross-site scripting (XSS) vulnerability in Logo Slider and related products allows authenticated users with high privileges to inject malicious scripts. The vulnerability requires user interaction and affects versions up to 1.8.1. An attacker with admin or editor access can craft a malicious input that executes in other users' browsers, potentially compromising site security.
What an attacker can do
03Attacker Capabilities
Inject malicious JavaScript that runs in other users' browsers when they view affected pages.
Potential impact on your site
04Site Impact
A compromised admin or editor account can inject scripts affecting other users, risking credential theft or unauthorized actions.
Conditions required to exploit
05Prerequisites
Attacker must have high-level authentication (admin/editor role) and the victim must visit a page containing the injected content.
Key dates
06Disclosure timeline
December 31, 2025
CVE published
April 28, 2026
Record updated