29 matches found
Coming Soon & Maintenance Plugin by NiteoThemes < 4.0.19 - Unauthenticated Arbitrary CSS Update
The plugin allows any user, even one who is not logged in, to arbitrarily change the coming soon page layout. PoC wget 127.0.0.1:8001...
CSS Injection
chartkick is vulnerable to CSS injection. A remote attacker is able to inject arbitrary CSS without attributes...
CVE-2019-16108
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode...
CVE-2018-21033
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allows authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes...
Cross-site Scripting (XSS)
PrimeFaces is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the p:colorPicker variable, allowing a malicious user to inject arbitrary CSS...
phpMyAdmin 4.0.10.x < 4.0.10.19 / 4.4.15.x < 4.4.15.10 / 4.6.x < 4.6.6 Multiple Vulnerabilities
WordPress Crayon Syntax Highlighter Plugin <= 2.6.10 - Defacement
Because of this vulnerability, attackers can craft the user-provided parameters in such a way that it becomes possible to overwrite base themes with arbitrary CSS. Solution: Update plugin...
FreeBSD : drupal6 -- multiple vulnerabilities (1acf9ec5-877d-11e0-b937-001372fd0af2)
Drupal Team reports: A reflected cross-site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-scree...