Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: ...
7.8AI Score
0.913EPSS
Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.
5.5AI Score
0.003EPSS
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
5.4CVSS
6.3AI Score
0.001EPSS