Lucene search

2673 matches found

Prion
added 2023/12/29 11:15 a.m. · 16 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.3...

4.9 CVSS · 6.9 AI score · 0.00328 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/12/29 10:58 a.m. · 49 views

CVE-2023-51371

The CVE-2023-51371 entry concerns the WordPress Bit Assist Plugin (

5.9 CVSS · 5.1 AI score · 0.00328 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/29 10:58 a.m. · 23 views

CVE-2023-51371 WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

5.9 CVSS · 5.9 AI score · 0.00328 EPSS
Exploits 0 · References 1

CVE
added 2023/12/29 10:20 a.m. · 41 views

CVE-2023-51399

The CVE-2023-51399 affects the WordPress WPFactory Back Button Widget plugin (versions ≤ 1.6.3). Root cause: improper neutralization of input during web page generation, enabling Stored XSS. Impact: stored XSS in widget output; PRI/impact as documented (low confidentiality, integrity, availabilit...

6.5 CVSS · 6.7 AI score · 0.00328 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/29 10:20 a.m. · 30 views

CVE-2023-51399 WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.3...

6.5 CVSS · 6.6 AI score · 0.00328 EPSS
Exploits 0 · References 1

OSV
added 2023/12/29 2:15 a.m. · 2 views

CVE-2023-31292

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...

5.5 CVSS · 5.8 AI score
Exploits 0 · References 1

NVD
added 2023/12/29 2:15 a.m. · 12 views

CVE-2023-31292

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...

5.5 CVSS · 0.00172 EPSS
Exploits 0 · References 1

Prion
added 2023/12/29 2:15 a.m. · 15 views

Authentication flaw

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...

1.7 CVSS · 6.7 AI score · 0.00172 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/12/29 12:0 a.m. · 7 views

CVE-2023-31292

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...

5.4 AI score · 0.00172 EPSS
Exploits 0 · References 1

Cvelist
added 2023/12/29 12:0 a.m. · 16 views

CVE-2023-31292

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...

5.7 AI score · 0.00172 EPSS
Exploits 0 · References 1

CNNVD
added 2023/12/29 12:0 a.m. · 3 views

WordPress Plugin Back Button Widget Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5 CVSS · 5.9 AI score · 0.00328 EPSS
Exploits 0 · References 2

CNNVD
added 2023/12/29 12:0 a.m. · 4 views

Sesami Cash Point & Transport Optimizer Security Vulnerability

Sesami Cash Point & Transport Optimizer is a solution from Sesami Corporation. A security vulnerability exists in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6, which stems from an unknown issue. The vulnerability allows a local attacker to obtain sensitive information and bypass...

5.5 CVSS · 6.4 AI score · 0.00172 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/12/29 12:0 a.m. · 3 views

PT-2023-31807 · Wpfactory · Wpfactory Back Button Widget

Name of the Vulnerable Software and Affected Versions: WPFactory Back Button Widget versions 1.6.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attack...

6.5 CVSS · 6.1 AI score · 0.00328 EPSS
Exploits 0 · References 6

Patchstack
added 2023/12/28 12:0 a.m. · 7 views

WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Floating Button; Type: Plugin; Vulnerable versions: <= 6.0; Fixed in: 6.0.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-52149; Patch priority: Low; CVSS severity: Low 5.4; PSID: 33e4d5b87e73; Credits: Skalucy; Required...

8.8 CVSS · 6.6 AI score · 0.00216 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/12/26 12:0 a.m. · 12 views

WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software: Back Button Widget; Type: Plugin; Vulnerable versions: <= 1.6.3; Fixed in: 1.6.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51399; Patch priority: Low; CVSS severity: Low 6.5; PSID: 9ff3d6bccb6d; Credits: Ngô Thiên An ancorn from VNPT-VCI...

6.5 CVSS · 6.5 AI score · 0.00328 EPSS
Exploits 0 · References 2 · Affected Software 1

Veracode
added 2023/12/25 2:48 a.m. · 23 views

Click Jacking

Firefox is vulnerable to Click Jacking. The vulnerability is caused due to the fact that the timing of a button click causing a popup to disappear is approximately the same length as the anti-clickjacking delay on permission prompts. An attacker can exploit this to surprise users by luring them t...

6.1 CVSS · 6.3 AI score · 0.00683 EPSS
Exploits 0 · References 7 · Affected Software 2

Github Security Blog
added 2023/12/22 7:51 p.m. · 31 views

Nautobot missing object-level permissions enforcement when running Job Buttons

Impact: When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked (i.e., does the user have permission to run Jobs in general?). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used ...

4.3 CVSS · 5.4 AI score · 0.00448 EPSS
Exploits 0 · References 9 · Affected Software 1

PyPA
added 2023/12/22 5:15 p.m. · 5 views

PYSEC-2023-287

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...

4.3 CVSS · 6.8 AI score · 0.00448 EPSS
Exploits 0 · References 7 · Affected Software 1

Cvelist
added 2023/12/22 4:48 p.m. · 23 views

CVE-2023-51649 Nautobot missing object-level permissions enforcement when running Job Buttons

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...

3.5 CVSS · 4.8 AI score · 0.00448 EPSS
Exploits 0 · References 4

CNNVD
added 2023/12/22 12:0 a.m. · 4 views

Nautobot Security Vulnerability

Nautobot is a web automation platform from the individual developers of Nautobot. A security vulnerability exists in Nautobot version 1.5.14 and earlier, which stems from not checking object-level permissions when submitting a job to be run via the Job Button...

4.3 CVSS · 6.7 AI score · 0.00448 EPSS
Exploits 0 · References 5