2819 matches found

Nuclei
added 6 hours ago, 13 views

Rating by BestWebSoft < 0.2 - Cross-Site Scripting

The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18530 info: name: Rating by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. impact: |...

CVSS 6.1 | AI score 6.3 | EPSS 0.00098
Exploits: 1 | References: 4
RedhatCVE
added yesterday, 4 views

CVE-2026-8910

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 1
NVD
added 2 days ago, 9 views

CVE-2026-8910

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1 | EPSS 0.00015
Exploits: 0 | References: 7
CVE
added 2 days ago, 10 views

CVE-2026-8910

The CVE refers to the WordPress plugin WP Emoticon Rating (versions

CVSS 6.1 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 7
EUVD
added 2 days ago, 6 views

EUVD-2026-35313

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 7
Cvelist
added 2 days ago, 28 views

CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1 | EPSS 0.00015
Exploits: 0 | References: 7
Patchstack
added 3 days ago, 5 views

WordPress WP Emoticon Rating plugin <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Emoticon Rating versions <= 1.0.1...

CVSS 6.1 | AI score 5.5 | EPSS 0.00015
Exploits: 0 | References: 1 | Affected Software: 1
OPENSUSE Linux
added 3 days ago, 4 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0194-1 Rating: important References: 1265854 1266471 1267706 Cross-References: CVE-2026-10000 CVE-2026-10001 CVE-2026-10002 CVE-2026-10003 CVE-2026-10004 CVE-2026-10005 CVE-2026-10006 CVE-2026-10007...

CVSS 9.6 | AI score 6.2 | EPSS 0.04819
Exploits: 0 | References: 3
OPENSUSE Linux
added 3 days ago, 3 views

kernel-devel-7.0.11-1.1 on GA media (moderate)

kernel-devel-7.0.11-1.1 on GA media Announcement ID: openSUSE-SU-2026:10954-1 Rating: moderate Cross-References: CVE-2026-43494 CVE-2026-43503 CVE-2026-45834 CVE-2026-45835 CVE-2026-45836 CVE-2026-45837 CVE-2026-45838 CVE-2026-45839 CVE-2026-45840 CVE-2026-45841 CVE-2026-45842 CVE-2026-45843...

CVSS 9.3 | AI score 5.4 | EPSS 0.00072
Exploits: 2
OPENSUSE Linux
added 4 days ago, 3 views

amazon-ssm-agent-3.3.4624.0-1.1 on GA media (moderate)

amazon-ssm-agent-3.3.4624.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10943-1 Rating: moderate Cross-References: CVE-2026-44740 CVSS scores: CVE-2026-44740 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-44740 SUSE : 8.7...

CVSS 8.7 | AI score 5.5 | EPSS 0.00042
Exploits: 0
OPENSUSE Linux
added 4 days ago, 5 views

erlang27-27.1.3-2.1 on GA media (moderate)

erlang27-27.1.3-2.1 on GA media Announcement ID: openSUSE-SU-2026:10947-1 Rating: moderate Cross-References: CVE-2025-4748 CVE-2025-48038 CVE-2025-48039 CVE-2026-21620 CVE-2026-23941 CVE-2026-23942 CVE-2026-23943 CVE-2026-28808 CVE-2026-28810 CVE-2026-32144 CVE-2026-32147 CVE-2026-42789...

CVSS 9.1 | AI score 6.9 | EPSS 0.00375
Exploits: 0
RedhatCVE
added 6 days ago, 6 views

CVE-2026-4301

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...

CVSS 4.3 | AI score 5.5 | EPSS 0.00035
Exploits: 0 | References: 1
RedhatCVE
added 6 days ago, 5 views

CVE-2026-8239

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with Vector...

CVSS 6.3 | AI score 5.5 | EPSS 0.00031
Exploits: 0 | References: 1
RedhatCVE
added 6 days ago, 5 views

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 1
OPENSUSE Linux
added 2026/06/03 12:0 a.m., 5 views

atril-1.28.4-1.1 on GA media (moderate)

atril-1.28.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10914-1 Rating: moderate Cross-References: CVE-2026-46519 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the atril-1.28.4-1.1...

AI score 5.8
Exploits: 0
OPENSUSE Linux
added 2026/05/28 12:0 a.m., 9 views

ffmpeg-7-7.1.4-2.1 on GA media (moderate)

ffmpeg-7-7.1.4-2.1 on GA media Announcement ID: openSUSE-SU-2026:10867-1 Rating: moderate Cross-References: CVE-2024-35366 CVE-2025-10256 CVE-2025-1594 CVE-2025-9951 CVSS scores: CVE-2024-35366 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-35366 SUSE : 6.9...

CVSS 6.9 | AI score 5.8 | EPSS 0.00778
Exploits: 1
Snyk
added 2026/05/26 5:39 p.m., 9 views

Cross-site Scripting (XSS)

Overview @typebot.io/js is a Javascript library to display typebots on your website Affected versions of this package are vulnerable to Cross-site Scripting XSS in the RatingButton component when unsanitized SVG or HTML is rendered via the innerHTML directive. An attacker can gain access to sessi...

CVSS 8.7 | AI score 5.6 | EPSS 0.00031
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/26 5:39 p.m., 14 views

Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview

Summary The rating block's custom icon feature accepts arbitrary HTML/SVG via the customIcon.svg field and renders it using Solid's innerHTML directive without any sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's DOM...

CVSS 8.7 | AI score 6.1 | EPSS 0.00031
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2026/05/26 5:39 p.m., 16 views

GHSA-6M7C-XFHP-P9FH Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview

Summary The rating block's custom icon feature accepts arbitrary HTML/SVG via the customIcon.svg field and renders it using Solid's innerHTML directive without any sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's DOM...

CVSS 8.7 | AI score 6.1 | EPSS 0.00031
Exploits: 0 | References: 6
Patchstack
added 2026/05/25 7:32 a.m., 11 views

WordPress CBX 5 Star Rating & Review plugin <= 1.0.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin CBX 5 Star Rating & Review versions <= 1.0.7...

CVSS 6.1 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1 | Affected Software: 1