BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.

BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion.

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01.

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integrity of the mutable content on the UBIFS partition before being used.

The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key.

The ad-buttons plugin before 2.3.2 for WordPress has XSS.

The twitter-plugin plugin before 2.55 for WordPress has XSS.

The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.

The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.