14 matches found
CVE-2026-28445
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...
CVE-2025-23758
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Pootle button pootle-button allows Reflected XSS. This issue affects Pootle button: from n/a through = 1.2.0...
EUVD-2011-2822
Malware in sbrugna...
EUVD-2024-30509
Malicious code in bioql PyPI...
EUVD-2024-27409
Malicious code in bioql PyPI...
@aemforms/af-react-native (>=1.0.1 <=1.0.31), @akalli/components (=0.0.1) +151 more potentially affected by unknown CVE via @react-native-aria/button (=0.2.10)
@react-native-aria/button NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/button and may be impacted: - @aemforms/af-react-native =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0, =0.1.0, =0.0.4, =4.0.2,...
Cross-site Scripting
Overview: org.webjars.bowergithub.jasny:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary...
CVE-2023-46613
A vulnerability in Add to Calendar Add to Calendar Button add-to-calendar-button. This issue affects Add to Calendar Button: from n/a through 1.5.1...
Cross-site Scripting (XSS)
@joeattardi/emoji-button is vulnerable to cross-site scripting. The vulnerability exists because emoji-button does not escape HTML in custom emojis, allowing an attacker to inject and execute malicious JavaScript...
PT-2021-16087 · WordPress · Accept Donations With Paypal
Name of the Vulnerable Software and Affected Versions: Accept Donations with PayPal WordPress plugin versions prior to 1.3.1. Description: The issue is related to a lack of CSRF check in the process of creating new donation buttons, which are internally treated as posts. This allows an attacker to...
CVE-2018-16084
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...
CVE-2003-0908
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialo...
CVE-2002-1849
ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with...
Using the backbutton in IE is dangerous
Title: Using the backbutton in IE is dangerous. Date: 2002-04-15. Software: At least Internet Explorer 6.0. Tested env: Windows 2000 pro, XP. Rating: Medium because user interaction is needed. Impact: Read cookies/local files and...