435 matches found
SUSE CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CSS injection using component islands and useHead
Description After a component island render, the resulting head is regex'd for tags. This regex is not very robust and can be tricked, allowing for CSS injection. Proof of Concept app.vue vue Nuxt 3 Playground const title = ref nuxt.config.ts ts export default defineNuxtConfig experimental:...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to CSS injection due to Swagger CVE-2019-17495
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to CSS injection due to Swagger CVE-2019-17495 with details below Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
DEBIAN-CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
Design/Logic Flaw
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
CVE-2022-31744 involves an CSS injection flaw that could let an attacker inject CSS into stylesheets accessible via internal URIs (e.g., resource:) and bypass a page's Content Security Policy. Affected products include Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Fire...
CVE-2022-46162
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
Design/Logic Flaw
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
PT-2022-27779 · Discourse · Discourse-Bbcode
Name of the Vulnerable Software and Affected Versions: discourse-bbcode versions prior to commit 91478f5 Description: The issue affects sites with the discourse-bbcode plugin installed and enabled, allowing CSS injection when rendering content generated with the plugin. As a workaround, enabling...
CVE-2022-46162
CVE-2022-46162 concerns the discourse-bbcode plugin for Discourse. Prior to commit 91478f5, rendering content generated with the plugin could trigger CSS injection, affecting sites with the plugin installed and enabled. The issue is patched in commit 91478f5. A practical workaround is to enable a...
CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
CVE-2022-35739
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets CSS data is inserted into the style tag, loading...