Lucene search
K

53 matches found

CVE
CVE
added yesterday8 views

CVE-2026-58657

Grav before 2.0.0 (through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection in the Markdown image resize() action. In Excerpts::processMediaActions(), the resize() path writes caller-controlled values directly into the image’s styleAttributes. A low-priv content editor who can edit ...

4.8CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42267

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score
Exploits0References4
CVE
CVE
added 2026/06/26 7:30 p.m.13 views

CVE-2026-44696

OpenProject prior to 17.4.0: the rich text (markdown) rendering pipeline uses Sanitize::Config::RELAXED[:css], permitting essentially all CSS in style attributes on elements like figure, img, table, th, tr, td. This enables any authenticated user with write access to formattable fields (work pack...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 10:16 p.m.10 views

CVE-2026-54067

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...

9.9CVSS0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/08 2:59 p.m.10 views

CVE-2026-41159

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious Cascading Style Sheets CSS through specific configuration options, such as fontFamily, themeCSS, and altFontFamily. This injected CSS can bypa...

5.4CVSS5.3AI score0.00398EPSS
Exploits0References7
NVD
NVD
added 2026/05/29 3:16 p.m.13 views

CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS0.00398EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/29 1:53 p.m.10 views

CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0
OSV
OSV
added 2026/05/26 9:16 p.m.6 views

DEBIAN-CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2026/05/26 9:16 p.m.6 views

UBUNTU-CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/26 8:36 p.m.22 views

EUVD-2026-31992

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS5.8AI score0.00228EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/26 8:36 p.m.12 views

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS5.8AI score0.00228EPSS
Exploits1References2
CVE
CVE
added 2026/05/26 8:36 p.m.20 views

CVE-2026-44899

CVE-2026-44899 – Mistune Image Directive CSS Injection exploits a prefix-only regex in the Image directive’s width/height validation. Before 3.2.1, values starting with digits (e.g., 100vw;…) pass _num_re.match() and are written into style="width:...;" or style="height:...;" without escaping, ena...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/25 8:16 p.m.12 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS0.00388EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 11:16 p.m.22 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS0.00338EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/14 4:36 p.m.12 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the renderblockimage function. An attacker can inject arbitrary CSS into the style attribute of an image element by supplying a crafted value to the :width: or :height: option, which is insufficiently validat...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-41147

Name of the Vulnerable Software and Affected Versions mistune affected versions not specified Description The Image directive plugin fails to properly validate the :width: and :height: options. The validation uses a regular expression that only checks if the value starts with a digit, rather than...

4.7CVSS5.9AI score0.00228EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/05/13 3:1 p.m.10 views

CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:1 p.m.7 views

CVE-2026-44458

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/11 7:37 p.m.4 views

GHSA-87F9-HVMW-GH4P Mermaid: Improper sanitization of configuration leads to CSS injection

Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. Live demo: mermaid.live Example code: %%init: "fontFamily": "x;ab :not&background:green !important cd"%% flowchart LR A --...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References8
OSV
OSV
added 2026/05/11 7:36 p.m.5 views

GHSA-XCJ9-5M2H-648R Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Details The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures classDef values with an unrestricted regex: jison // packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83 ^\n...

5.3CVSS5.8AI score0.00338EPSS
Exploits0References8
Rows per page
Query Builder