
435 matches found

IBM Security Bulletins
added 2019/12/30 4:34 p.m., 37 views

Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Swagger UI (CVE-2019-17495)

Summary A Security Vulnerability affects IBM Cloud Private - Swagger UI Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based...

9.8 CVSS, 0.7 AI score, 0.0558 EPSS
Exploits: 1, Affected Software: 1
OSV
added 2019/11/25 3:15 p.m., 9 views

CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

6.1 CVSS, 8 AI score
Exploits: 0, References: 3
OSV
added 2019/11/25 3:15 p.m., 2 views

DEBIAN-CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

6.1 CVSS, 6.3 AI score, 0.00829 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2019/11/25 3:15 p.m., 20 views

CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

6.1 CVSS, 6.8 AI score, 0.00829 EPSS
Exploits: 0, References: 1
Prion
added 2019/11/25 3:15 p.m., 18 views

Input validation

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

4.3 CVSS, 6.2 AI score, 0.00829 EPSS
Exploits: 0, References: 3, Affected Software: 2
OSV
added 2019/11/25 3:15 p.m., 0 views

UBUNTU-CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

6.1 CVSS, 7.2 AI score, 0.00829 EPSS
Exploits: 0, References: 2
Cvelist
added 2019/11/25 2:22 p.m., 23 views

CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

6.4 AI score, 0.00829 EPSS
Exploits: 0, References: 3
CVE
added 2019/11/25 2:22 p.m., 235 views

CVE-2019-13714

The CVE-2019-13714 entry concerns Google Chrome before 78.0.3904.70, where insufficient validation of untrusted input in the Color Enhancer extension can allow CSS injection into an HTML page via a crafted URL. Affected product: Google Chrome (earlier than 78.0.3904.70). Root cause/impact: CSS in...

6.1 CVSS, 6.2 AI score, 0.00829 EPSS
Exploits: 0, References: 3, Affected Software: 1
RedHat Linux
added 2019/11/06 4:43 p.m., 5 views

chromium-browser: CSS injection

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

6.1 CVSS, 7.4 AI score, 0.00829 EPSS
Exploits: 0, References: 5
Hacker One
added 2019/11/04 9:17 p.m., 18 views

GitLab: Double linking cause XSS (but blocked by CSP in gitlab.com)

Summary URL display on Gitlab.com is currently broken. There is a risk of XSS due to double conversion of URLs into links. However, 12.5 incorporating the fix has not yet been released and is blocked by CSP at gitlab.com. Steps to reproduce 1. Login to gitlab.com 2. Create new project 3. Create a...

6.1 AI score
Exploits: 0
Tenable Nessus
added 2019/11/04 12:0 a.m., 46 views

openSUSE Security Update : chromium / re2 (openSUSE-2019-2420)

This update for chromium, re2 fixes the following issues : Chromium was updated to 78.0.3904.70 boo1154806 : - CVE-2019-13699: Use-after-free in media - CVE-2019-13700: Buffer overrun in Blink - CVE-2019-13701: URL spoof in navigation - CVE-2019-13702: Privilege elevation in Installer -...

8.8 CVSS, 7.2 AI score, 0.06643 EPSS
Exploits: 1, References: 22
OPENSUSE Linux
added 2019/11/03 12:0 a.m., 144 views

Security update for chromium, re2 (important)

openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2425-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...

8.8 CVSS, 8 AI score, 0.06643 EPSS
Exploits: 1, References: 1
OPENSUSE Linux
added 2019/11/02 12:0 a.m., 197 views

Security update for chromium, re2 (important)

openSUSE Security Update: Security update for chromium, re2 Announcement ID: openSUSE-SU-2019:2420-1 Rating: important References: 1154806 Cross-References: CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707...

8.8 CVSS, 8 AI score, 0.06643 EPSS
Exploits: 1, References: 1
Kaspersky
added 2019/10/30 12:0 a.m., 50 views

KLA11714 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Cross-origin data leak vulnerability can be exploited to arbitrary code executio...

8.8 CVSS, 9.3 AI score, 0.06643 EPSS
Exploits: 1, References: 5
OpenVAS
added 2019/10/24 12:0 a.m., 44 views

Google Chrome Security Updates (stable-channel-update-for-desktop_22-2019-10) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

8.8 CVSS, 6.9 AI score, 0.06643 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2019/10/23 6:5 p.m., 26 views

CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

6.1 CVSS, 3.5 AI score, 0.00829 EPSS
Exploits: 0, References: 4
Kaspersky
added 2019/10/22 12:0 a.m., 89 views

KLA11588 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in media can be exploited to arbitrary code execution; 2. Buffer overrun vulnerability in...

8.8 CVSS, 8.7 AI score, 0.06643 EPSS
Exploits: 1, References: 4
OSV
added 2019/10/15 7:27 p.m., 141 views

GHSA-C427-HJC3-WRFW Cross-site scripting in Swagger-UI

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8 CVSS, 9.3 AI score, 0.0558 EPSS
Exploits: 1, References: 15
Github Security Blog
added 2019/10/15 7:27 p.m., 57 views

Cross-site scripting in Swagger-UI

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8 CVSS, 3.8 AI score, 0.0558 EPSS
Exploits: 1, References: 15, Affected Software: 4
Veracode
added 2019/10/11 8:20 a.m., 33 views

CSS Injection

swagger-ui is vulnerable to CSS injection. The ?url= parameter allows an attacker to override a hard-coded schema file, which would enable for the Relative Path Overwrite RPO exploit technique, allowing exfiltration of confidential information from a victim's browser such as the CSRF token value...

9.8 CVSS, 3.5 AI score, 0.0558 EPSS
Exploits: 1, References: 19, Affected Software: 2