2673 matches found
MAL-2024-8001 Malicious code in uitk-react-experimental-button-tabs (npm)
Source: ghsa-malware (74d35a0704d9415d237418973ea82b6c991e02af5b2381fc696268805ff39a30). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-7100
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_button shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
PT-2024-38075 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: The Bold Page Builder plugin for WordPress versions up to, and including, 5.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's bt_bb_button shortcode due to insufficient input sanitization and output escapin...
CVE-2024-6703
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'description' and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...
PT-2024-37810 · Fluent Forms · Contact Form Plugin By Fluent Forms
Name of the Vulnerable Software and Affected Versions: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-2063)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-37217
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8...
PT-2024-27385 · Woocommerce · Empty Cart Button For Woocommerce
Name of the Vulnerable Software and Affected Versions: Empty Cart Button for WooCommerce versions 1.3.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. There i...
CVE-2024-38718
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in clicklabs® Medienagentur Download Button for Elementor allows Stored XSS. This issue affects Download Button for Elementor: from n/a through 1.2.1...
CVE-2024-38718 WordPress Download Button for Elementor plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in clicklabs® Medienagentur Download Button for Elementor allows Stored XSS. This issue affects Download Button for Elementor: from n/a through 1.2.1...
CVE-2024-38718
CVE-2024-38718 is a stored XSS in the WordPress plugin Download Button for Elementor affecting versions up to 1.2.1. Affected component is the Download Button for Elementor; root cause is improper neutralization of input during web page generation. Public references (NVD/CVE records and Wordfence...
PT-2024-28163 · Clicklabs Medienagentur · Clicklabs Medienagentur Download Button For Elementor
Name of the Vulnerable Software and Affected Versions: clicklabs Medienagentur Download Button for Elementor versions 1.2.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored...
WordPress Zenon Lite theme <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Zenon Lite versions <= 1.9...
PT-2024-37275 · WordPress · Zenon Lite
Name of the Vulnerable Software and Affected Versions: Zenon Lite theme for WordPress versions up to, and including, 1.9 Description: The issue arises from insufficient input sanitization and output escaping in the url parameter within the theme's Button shortcode, allowing authenticated attacker...
CVE-2024-3026 WordPress Button Plugin MaxButtons < 9.7.8 - Editor+ Stored XSS
The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
Disable Restart Button While Desktops are Restarting
This article describes how to configure StoreFront to ignore clicks on “Restart” while the desktop is powering off and while it is powering on again. Background: When the user’s desktop is restarting, there might be issues if they repeatedly click on the desktop...
GHSA-VXMC-5X29-H64V Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...