CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

FreeBSD : Roundcube -- Multiple vulnerabilities (f301a241-04d3-11f1-a38c-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f301a241-04d3-11f1-a38c-8447094a420f advisory. The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass vi...

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass via SVG content...

CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

Beckhoff Automation TwinCAT 3 HMI Server Cross-site Scripting Vulnerability

Beckhoff Automation TwinCAT 3 HMI Server is a data transmission and permission management component developed by the American company Beckhoff Automation. The Beckhoff Automation TwinCAT 3 HMI Server has a cross-site scripting vulnerability. This vulnerability allows authenticated administrators ...

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

CSS Injection vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Easy Media Download versions = 1.1.11...

CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through = 1.1.11...

CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through = 1.1.11...

CVE-2025-69169

CVE-2025-69169 pertains to the WordPress plugin Easy Media Download (easy-media-download). It describes an authenticated (Contributor+) stored cross-site scripting (XSS) flaw affecting version 1.1.11 or earlier, where user-supplied input (likely via shortcode/HTML elements) can be stored and late...

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

Impact Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some of DOM modifications for the link button next to the field e.g. the link address can be overriden. CSS can be manipulated to give the button arbitrary look and change it's size so that any...

EUVD-2025-204591

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature...

CVE-2025-66469

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

Summary A Cross-Site Scripting XSS vulnerability exists in ui.addcss, ui.addscss, and ui.addsass functions in NiceGUI v3.3.1 and earlier. These functions allow developers to inject styles dynamically. However, they lack proper sanitization or encoding for the JavaScript context they generate. An...

PT-2025-49681

Name of the Vulnerable Software and Affected Versions NiceGUI versions 3.3.1 and below Description NiceGUI, a Python-based UI framework, has an issue where the ui.add css, ui.add scss, and ui.add sass functions do not properly sanitize or encode JavaScript contexts. This allows an attacker to...

Nextcloud 跨站脚本漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud versions prior to 5.5.4, prior to 6.0.6, and prior to 7.2.5, which stems from a malicious user bei...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the CSS-to-JavaScript module conversion feature. An attacker can execute arbitrary JavaScript code by injecting $... expressions into CSS files, which are then evaluated when the resulting JavaScript module i...

WordPress Qi Blocks plugin missing authorization vulnerability

WordPress Qi Blocks plugin is a WordPress plugin developed by QodeInteractive, providing 81 customized Gutenberg blocks including 48 free modules and 33 premium modules, supporting WooCommerce, SEO and other 9 categories of functionality, creating complex layouts and integrating 550+ templates. A...