16 matches found

OSV
added 2026/05/26 5:39 p.m. | 14 views

GHSA-6M7C-XFHP-P9FH Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview

Summary: The rating block's custom icon feature accepts arbitrary HTML/SVG via the customIcon.svg field and renders it using Solid's innerHTML directive without any sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's DOM...

CVSS: 8.7 | AI score: 6.1 | EPSS: 0.00031
Exploits: 0 | References: 6

CVE
added 2026/05/22 4:12 p.m. | 16 views

CVE-2026-28445

CVE-2026-28445 affects Typebot up to version 3.15.2, where the RatingButton embed component renders user-controlled customIcon.svg via Solid innerHTML without sanitization, despite DOMPurify being present elsewhere. Because rating blocks aren’t flagged as unsafe by the import sanitizer and the bu...

CVSS: 8.7 | AI score: 6 | EPSS: 0.00031
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-5466

Malware in sbrugna...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.003
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-53158

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.00082
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:31 a.m. | 4 views

CVE-2019-14216

An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.003
Exploits: 1 | References: 1

NVD
added 2023/12/18 11:15 p.m. | 15 views

CVE-2023-49153

Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0...

CVSS: 8.8 | EPSS: 0.00082
Exploits: 0 | References: 1

OSV
added 2023/12/18 11:15 p.m. | 0 views

CVE-2023-49153

Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0...

CVSS: 8.8 | AI score: 7.3
Exploits: 0 | References: 1

Prion
added 2023/12/18 11:15 p.m. | 12 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.00082
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/12/18 10:10 p.m. | 72 views

CVE-2023-49153

CVE-2023-49153 corresponds to the WordPress plugin Add to Cart Text Changer and Customize Button, Add Custom Icon (

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00082
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/12/18 10:10 p.m. | 15 views

CVE-2023-49153 WordPress Add to Cart Text Changer and Customize Button, Add Custom Icon Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0...

CVSS: 4.3 | AI score: 8.8 | EPSS: 0.00082
Exploits: 0 | References: 1

CNNVD
added 2023/12/18 12:0 a.m. | 1 views

WordPress Plugin Add to Cart Text Changer and Customize Button, Add Custom Icon Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Add to Cart Text Changer a...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00082
Exploits: 0 | References: 3

Patchstack
added 2023/11/28 12:0 a.m. | 8 views

WordPress Add to Cart Text Changer and Customize Button, Add Custom Icon Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Add to Cart Text Changer and Customize Button, Add Custom Icon Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49153 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PS...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00082
Exploits: 0 | References: 2 | Affected Software: 1

Kitploit
added 2023/01/15 11:30 a.m. | 43 views

AVIator - Antivirus Evasion Project

AviAtor Ported to NETCore 5 with an updated UI AV|Ator About ://name AV : AntiVirus Ator : Is a swordsman, alchemist, scientist, magician, scholar, and engineer, with the ability to sometimes produce objects out of thin air https://en.wikipedia.org/wiki/Ator About ://purpose AV|Ator is a backdoor...

AI score: 7.8
Exploits: 0 | References: 3

CNVD
added 2022/06/15 12:0 a.m. | 30 views

WordPress WP SVG Icons plugin remote code execution vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP SVG Icons plugin version 3.2.3 and prior versions contain a remote code execution...

CVSS: 6.5 | AI score: 4 | EPSS: 0.13293
Exploits: 1 | Affected Software: 1

OSV
added 2019/08/14 9:15 p.m. | 0 views

CVE-2019-14216

An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.003
Exploits: 1 | References: 2

Citrix
added 2016/09/07 12:0 a.m. | 6 views

How to Change Desktop Icon for All Delivery Groups

This document outlines how to change Desktop Icon for All Delivery Groups in XD 7.X using storefront 2.X or 3.X. Changes If you are publishing both XenApp desktops and XenDesktop desktops you may want to change the default Xendesktop Icon to Custom Icon. XenDesktop desktop has the default icon as...

AI score: 7.1
Exploits: 0