Astra Linux - уязвимость в chromium

Insufficient validation of untrusted inputs in the Sharing feature of Google Chrome before version 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions through a crafted click-to-call link...

WordPress Zingaya Click-to-Call plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin Zingaya Click-to-Call versions = 1.0...

CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

CVE-2026-6696

CVE-2026-6696 concerns the Zingaya Click-to-Call plugin for WordPress. The connected documents confirm a Reflected Cross-Site Scripting vulnerability on the plugin’s sign-up admin page, affecting all versions up to and including 1.0. The root cause is insufficient input sanitization and output es...

WordPress plugin Zingaya Click-to-Call 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2023-25710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin = 1.4.0 versions...

EUVD-2023-29620

Malicious code in bioql PyPI...

CVE-2023-25710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin = 1.4.0 versions...

CVE-2023-25710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin = 1.4.0 versions...

CVE-2023-25710

CVE-2023-25710 affects the WordPress plugin DigitalBLUE Click to Call or Chat Buttons up to version 1.4.0. The issue is a Stored Cross-Site Scripting (XSS) vulnerability requiring admin+ privileges. The root cause is an XSS flaw stored in the plugin, with impact limited to confidentiality and int...

WordPress plugin Click to Call or Chat Buttons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

SUSE CVE-2021-30589

Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link...

Click to Call or Chat Buttons < 1.5.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Software Click to Call or Chat Buttons Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25710 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b77be6455269 Credits yuyudhn...

CVE-2021-30589

Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link...

DEBIAN-CVE-2021-30589

Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link...

UBUNTU-CVE-2021-30589

Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link...

CVE-2021-30589

Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link...

New tech support scam launches communication or phone call app

A new tech support scam technique streamlines the entire scam experience, leaving potential victims only one click or tap away from speaking with a scammer. We recently found a new tech support scam website that opens your default communication or phone call app, automatically prompting you to ca...

Skype Click to Call Update Service local privilege escalation

Vuln Title: Skype Click to Call Update Service local privilege escalation Date: 10.12.2012 Author: otr Software Link: http://www.skype.com Vendor: Microsoft Corporation Version: = 6.2.0.106 Tested on: Windows 7, Windows XP Type: Privilege Escalation, DLL Hijacking CVE : MS does not assign CVE for...