131 matches found
Google Chrome CSS Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a mix-up of instructions responsible for freeing memory in CSS. An attacker can exploit the vulnerability to cause a...
The vulnerability of the clean-css application software library at Avora Center, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the clean-css application software of Aurora Center relates to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially crafted regular expression...
UBUNTU-CVE-2020-6539
Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
chromium-browser: Use after free in CSS
Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
MGASA-2020-0167 Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because...
Google Chrome Code Injection Vulnerability
Google Chrome is a web browser from Google, an American company. A code injection vulnerability exists in versions of Google Chrome prior to 78.0.3904.70, which stems from the program not performing proper input validation when processing CSS files. An attacker can exploit the vulnerability to...
CVE-2015-9406
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php...
0303-lb3-paket (=1.0.1), 04_nodeblog (=1.0.0) +8447 more potentially affected by unknown CVE via clean-css (>=0.10.0 <=4.1.1)
clean-css NPM version =0.10.0, =0.0.1, =3.1.4, =1.0.3, =3.1.6, =1.0.1, =1.0.0, =1.0.0, =0.1.1, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WXHQ-PM8V-CW75...
CVE-2017-7847
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...
Code injection
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote...
vcanbuy.com XSS vulnerability
Open Bug Bounty ID: OBB-500607

Description | Value
---|---
Affected Website: | vcanbuy.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosure based o...
CVE-2017-7961
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a...
CVE-2016-8999
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS...
CVE-2014-7295
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allow remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...
CVE-2013-6388
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS...
CVE-2013-6388
Removed by vendor...
Memory corruption
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption...
CVE-2010-4043
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document...
Cross site scripting
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scriptin...