2673 matches found
Cacti Cross-Site Scripting Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, uses RRDtool to draw graphs from it, and provides data and user management features. Cacti suffers from a cross-site scripting vulnerability that stems from the...
CVE-2023-24401
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin = 1.5.0 versions...
WordPress plugin mobile-call-now-map-buttons Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-40735
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo – Connecting for a Safer World BUTTERFLY BUTTON Architecture flaw allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21...
Improper access control
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON Architecture flaw allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21...
CVE-2023-40735 Butterfly Button Project - Sensitive Information Disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo – Connecting for a Safer World BUTTERFLY BUTTON Architecture flaw allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21...
CVE-2023-40735
CVE-2023-40735 concerns an exposure of sensitive information to an unauthorized actor in the BUTTERFLY BUTTON project (Butterfly Button). The issue is described as an architecture flaw that can compromise confidentiality and plausible deniability. The CVSS 3.1 metrics (NVD and CNA sources) assign...
Butterfly Button Security Vulnerability
Butterfly Button is an application by the individual developers of TheButterflySDK who are actively involved in the fight against domestic violence. Butterfly Button suffers from a security vulnerability that stems from the presence of unauthorized behavior that can lead to the disclosure of...
PT-2023-27611 · Unknown · Butterfly Button
Name of the Vulnerable Software and Affected Versions: BUTTERFLY BUTTON affected versions not specified Description: The issue is related to an Exposure of Sensitive Information to an Unauthorized Actor vulnerability, which is caused by an architecture flaw. This flaw allows for the loss of...
CVE-2023-2254
The Ko-fi Button WordPress plugin before 1.3.3 does not properly handle some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk...
Cross site scripting
The Ko-fi Button WordPress plugin before 1.3.3 does not properly handle some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk...
CVE-2023-2254
CVE-2023-2254 affects the Ko-fi Button WordPress plugin prior to v1.3.3. Root cause: improper handling of plugin settings enables Admin+ Stored XSS, even if unfiltered_html is disabled. Impact is described as low risk (per several sources). The fix is to update to v1.3.3 or later (patched version...
CVE-2023-2254 Ko-fi Button < 1.3.3 - Admin+ Stored XSS
The Ko-fi Button WordPress plugin before 1.3.3 does not properly handle some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk...
WordPress Plugin Ko-fi Button Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-18557 · WordPress · Ko-Fi Button
Name of the Vulnerable Software and Affected Versions: Ko-fi Button WordPress plugin versions prior to 1.3.3 Description: The issue concerns the Ko-fi Button WordPress plugin, which does not properly handle some of its settings. This could allow high-privilege users to perform Stored Cross-Site...
PT-2023-18059 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a possible permanent denial of service (DoS) due to resource exhaustion in the setMediaButtonBroadcastReceiver function of MediaSessionRecord.java. This could lead...
Google Wear OS Security Vulnerability
Google Wear OS is an operating system developed by Google, Inc. for smartwatches, smart bands, and other wearable devices. Google Wear OS suffers from a security vulnerability that stems from a lack of privilege checking in the getIntentForButton module of...
PT-2023-18017 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software name or version is mentioned in the provided descriptions. Description: The issue is related to a missing permission check in the getIntentForButton method of ButtonManager.java. This could allow an unprivileged applicati...