4 matches found
UBUNTU-CVE-2024-28593
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's UsingChat page says "If you know some HTML code, you can use it in your text to do things like insert image...
PT-2022-36632 · Mozilla · Firefox +2
Name of the Vulnerable Software and Affected Versions: SeaMonkey versions prior to 2.53.14. Description: This issue concerns updates and security fixes for SeaMonkey. The updates include changes to DOM HTML element interfaces such as Embed, Object, Anchor, and others. Additionally, there are fixes...
WordPress Tawk.To Live Chat plugin <= 0.5.5 - Visitor Monitoring & Chat Removal vulnerability
Visitor Monitoring & Chat Removal vulnerability discovered by Quentin VILLAIN 3wsec in WordPress Tawk.To Live Chat plugin versions <= 0.5.5. Solution: Update the WordPress Tawk.To Live Chat plugin to the latest available version, at least 0.6.0...
Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal
The plugin does not have capability and CSRF checks in the tawktosetwidget and tawktoremovewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users including simple subscribers to change the 'tawkto-embed-widget-page-id' and 'tawkto-embed-widget-widget-i...