CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

CVE-2025-23758

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pootlepress Pootle button pootle-button allows Reflected XSS.This issue affects Pootle button: from n/a through = 1.2.0...

EUVD-2011-2822

Malware in sbrugna...

EUVD-2024-30509

Malicious code in bioql PyPI...

EUVD-2024-27409

Malicious code in bioql PyPI...

Cross-site Scripting

Overview org.webjars.bowergithub.jasny:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary...

CVE-2023-46613

A vulnerability in Add to Calendar Add to Calendar Button add-to-calendar-button.This issue affects Add to Calendar Button: from n/a through 1.5.1...

Cross-site Scripting (XSS)

@joeattardi/emoji-button is vulnerable to cross-site scripting. The vulnerability exists because the custom emojis of emoji-button doesn't escape HTML, allowing an attacker to inject and execute malicious javascript...

PT-2021-16087 · WordPress · Accept Donations With Paypal

Name of the Vulnerable Software and Affected Versions: Accept Donations with PayPal WordPress plugin versions prior to 1.3.1 Description: The issue is related to a lack of CSRF check in the process of creating new donation buttons, which are internally treated as posts. This allows an attacker to...

CVE-2018-16084

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...

CVE-2003-0908

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialo...

CVE-2002-1849

ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with...

Using the backbutton in IE is dangerous

---..---..---..---..---..---..---..---..---..---..---..---..---- Title: Using the backbutton in IE is dangerous. Date: 2002-04-15 Software: At least Internet Explorer 6.0. Tested env: Windows 2000 pro, XP. Rating: Medium because user interaction is needed. Impact: Read cookies/local files and...