Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of...
7.5CVSS
7.5AI Score
0.001EPSS
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its...
4.6CVSS
4.8AI Score
0.001EPSS
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to...
7AI Score
0.02EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter...
5.9AI Score
0.002EPSS
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id...
8.7AI Score
0.001EPSS
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE...
8.7AI Score
0.001EPSS
PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE:...
7.5AI Score
0.02EPSS