CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

SAP NetWeaver Application Server ABAP 安全漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a security vulnerability in SAP NetWeaver Application Server ABAP, which arises from improper handling of inputs under certai...

unhead 跨站脚本漏洞

unhead is a document header and template manager developed by UnJS. Versions of unhead prior to 2.1.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the link.href check being case-sensitive, which could allow attackers to inject arbitrary CSS for UI masking or da...

CVE-2025-41768

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

CVE-2024-13883

The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...