SUSE CVE-2005-4636
OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings...
SUSE CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs PreProcessRelativeReference, (2) HtmlForm.cs RenderAttributes, (3) HtmlInputButton...
SUSE CVE-2012-0458
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which...
SUSE CVE-2013-1998
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions...
SUSE CVE-2013-7273
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to log in) by pressing the cancel button after entering a user name...
SUSE CVE-2014-1489
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site...
SUSE CVE-2015-1245
Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other...
SUSE CVE-2019-20386
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.5.12) +109 more potentially affected by CVE-2023-24580 via django (>=3.2.0 <=3.2.17)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.1.26, =0.1.27 - botbuilder-applicationinsights =4.14.3 and more Source cves: CVE-2023-24580 Source advisory: OSV:GHSA-2HRW-HX67-34X6...
Butterfly Button security vulnerability
Butterfly Button is an app from the individual developers of TheButterflySDK who are actively involved in the fight against domestic violence. Butterfly Button suffers from a security vulnerability that stems from the possibility of leaving traces of use on a user's device...
Podlove Subscribe button < 1.3.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...
CVE-2023-24499
CVE-2023-24499 concerns the Butterfly Button plugin, which may leave traces of its use on a user’s device. Public data reports an impact to confidentiality (traceability of usage) with a CVSSv3.1 base score around 4.3–4.6 (medium). The vulnerability is described in terms of residual traces rather...
WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
Software: Podlove Subscribe button; Type: Plugin; Vulnerable versions: <= 1.3.7; Fixed in: 1.3.9; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25479; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: ce8b8c58ff2d; Credits: yuyudhn; Requir...
WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Podlove Subscribe button; Type: Plugin; Vulnerable versions: <= 1.3.7; Fixed in: 1.3.9; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25481; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: 87331aa50a18; Credits: yuyudhn...
Podlove Subscribe button < 1.3.9 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in admins perform unwanted actions such as create/update/delete buttons, as well as update/create formats, via CSRF attacks...
FireCask Like & Share Button < 1.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...
CVE-2023-24499 Butterfly Button plugin may leave traces of its use on user's device
Butterfly Button plugin may leave traces of its use on a user's device. Since it is used for reporting domestic problems, this may lead to a spouse knowing about its use...
WordPress FireCask Like & Share Button Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: FireCask Like & Share Button; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.2; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25783; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 548935e36490; Credits: Rio Darmawan...
CVE-2022-4628
The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...