
8 matches found

NVD
added 4 days ago | 6 views

CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

CVSS: 5.7 | EPSS: 0.00211
Exploits: 0 | References: 1
Positive Technologies
added 4 days ago | 9 views

PT-2026-52899

Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 17.4.0. Description: The rich text rendering pipeline uses an overly permissive configuration for inline style sanitization. This allows authenticated users with write access to formattable text fields, such as work...

CVSS: 5.7 | AI score: 5.8 | EPSS: 0.00211
Exploits: 0 | References: 3
Snyk
added 2026/06/12 9:0 p.m. | 7 views

Improper Encoding or Escaping of Output

Overview: fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object, and text SVG...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00194
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 6:17 a.m. | 5 views

SUSE CVE-2005-3167

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.0123
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 6:16 a.m. | 4 views

SUSE CVE-2005-4501

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.01438
Exploits: 0 | References: 4
NVD
added 2019/09/26 4:15 p.m. | 17 views

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

CVSS: 4.8 | AI score: 4.9 | EPSS: 0.01024
Exploits: 1 | References: 3
ThreatPost
added 2013/06/12 9:29 a.m. | 9 views

CSP 1.0 Added to Firefox to Block XSS Attacks

After years of discussion and waiting, Mozilla has finally added Content Security Policy 1.0, a defense against some common attacks such as XSS, to its Firefox browser. CSP already has been implemented in Google Chrome and Internet Explorer and there was a limited implementation of it in Firefox...

Exploits: 0 | References: 1
OSV
added 2005/10/06 10:2 a.m. | 4 views

DEBIAN-CVE-2005-3167

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.0123
Exploits: 0 | References: 1