Lucene search

744 matches found

Patchstack
added 2026/04/24 3:31 p.m. | 4 views

NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output vulnerability discovered by ? in WordPress Npm postcss versions 8.5.10...

CVSS 6.1 | AI score 5.8 | EPSS 0.00205
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/04/24 3:31 p.m. | 1 views

GHSA-QX2V-QP2M-JG93 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS: XSS via Unescaped </style> in CSS Stringify Output Summary PostCSS v8.5.5 latest does not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS values breaks out of the style context, enabling XSS. Proof of Concept...

CVSS 6.1 | AI score 5.3 | EPSS 0.00205
Exploits 0 | References 4
Snyk
added 2026/04/24 4:18 a.m. | 3 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:postcss is a PostCSS is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Cross-site Scripting XSS in CSS Stringify Output. An attacker can execute arbitrary JavaScript code in the context of the affected web page by...

CVSS 6.1 | AI score 5.5 | EPSS 0.00205
Exploits 0 | References 2
Snyk
added 2026/04/24 4:18 a.m. | 6 views

Cross-site Scripting (XSS)

Overview postcss is a PostCSS is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Cross-site Scripting XSS in CSS Stringify Output. An attacker can execute arbitrary JavaScript code in the context of the affected web page by submitting crafted CS...

CVSS 6.1 | AI score 5.5 | EPSS 0.00205
Exploits 0 | References 2
NVD
added 2026/04/24 3:16 a.m. | 2 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS...

CVSS 6.1 | EPSS 0.00205
Exploits 0 | References 2
OSV
added 2026/04/24 3:16 a.m. | 1 views

DEBIAN-CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS...

CVSS 6.1 | AI score 5.3 | EPSS 0.00205
Exploits 0 | References 1
OSV
added 2026/04/24 3:16 a.m. | 4 views

UBUNTU-CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS...

CVSS 6.1 | AI score 5.8 | EPSS 0.00205
Exploits 0 | References 2
CVE
added 2026/04/24 2:27 a.m. | 73 views

CVE-2026-41305

PostCSS (driver: CSS AST stringify) has an XSS risk in versions prior to 8.5.10 due to unescaped </style> sequences when embedding user CSS into HTML tags. The issue arises when CSS is parsed into an AST and then re-stringified for embedding. Version 8.5.10 fixes the problem. Affected products: PostCSS;...

CVSS 6.1 | AI score 5.7 | EPSS 0.00205
Exploits 0 | References 2
EUVD
added 2026/04/24 2:27 a.m. | 13 views

EUVD-2026-25383

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS...

CVSS 6.1 | AI score 5.2 | EPSS 0.00205
Exploits 0 | References 2
Cvelist
added 2026/04/24 2:27 a.m. | 35 views

CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS...

CVSS 6.1 | EPSS 0.00205
Exploits 0 | References 2
Debian CVE
added 2026/04/24 2:27 a.m. | 5 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS...

CVSS 6.1 | AI score 5.3 | EPSS 0.00205
Exploits 0
Vulnrichment
added 2026/04/24 2:27 a.m. | 4 views

CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS...

CVSS 6.1 | AI score 5.2 | EPSS 0.00205
Exploits 0 | References 2
UbuntuCve
added 2026/04/24 12:0 a.m. | 5 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS...

CVSS 6.1 | AI score 5.8 | EPSS 0.00205
Exploits 0 | References 1
CNNVD
added 2026/04/24 12:0 a.m. | 7 views

PostCSS cross-site scripting vulnerability

PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS prior to 8.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of the </style> sequence during CSS stringification using the CSS AST. As a result, when the...

CVSS 6.1 | AI score 5.7 | EPSS 0.00205
Exploits 0 | References 2
OSSF Malicious Packages
added 2026/03/18 1:4 p.m. | 8 views

Malicious code in postcss-hotfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5b4d8ad8f9c133d2d8680b4d666d442b455bbd1579dea5cd5582a883fc4f0b5 The package postcss-hotfix was found to contain malicious code...

AI score 5.8
Exploits 0
OSV
added 2026/03/18 1:4 p.m. | 1 views

MAL-2026-1822 Malicious code in postcss-hotfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5b4d8ad8f9c133d2d8680b4d666d442b455bbd1579dea5cd5582a883fc4f0b5 The package postcss-hotfix was found to contain malicious code...

AI score 5.8
Exploits 0
vulnersOsv
added 2026/03/04 10:59 p.m. | 5 views

org.webjars.npm:cssnano (=5.1.14), org.webjars.npm:cssnano-preset-default (=5.2.13) +2 more potentially affected by CVE-2026-29074 via org.webjars.npm:svgo (=2.8.0)

org.webjars.npm:svgo MAVEN version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:svgo and may be impacted: - org.webjars.npm:cssnano =5.1.14 - org.webjars.npm:cssnano-preset-default =5.2.13 - org.webjars.npm:esbuild-plugin-svg...

CVSS 7.5 | AI score 7.1 | EPSS 0.00339
Exploits 1
IBM Security Bulletins
added 2025/12/17 10:29 a.m. | 10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Improper Input Validation due to postcss

Summary postcss is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepa...

CVSS 5.3 | AI score 6.5 | EPSS 0.00822
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/12/12 3:25 p.m. | 10 views

Security Bulletin: Vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie. Vulnerabilities include an attacker is able to brute force something that was supposed to be random, ...

CVSS 9.8 | AI score 7.5 | EPSS 0.02508
Exploits 6 | Affected Software 1
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-178274

Malicious code in jest-titan-postcss-loader-galaxy npm...

AI score 6.6
Exploits 0