5 matches found

CNNVD
added 2026/05/13 12:0 a.m. | 5 views

Hono injection vulnerability

Hono is a web framework written in TypeScript, from the Hono community. Versions of Hono prior to 4.12.18 have an injection vulnerability. It stems from the JSX renderer HTML-escaping the values of style property objects without CSS-escaping them. As a result, unexpect...

CVSS 4.3 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 2
CVE
added 2026/05/11 5:32 p.m. | 17 views

CVE-2026-42857

Open edX Platform is affected by CVE-2026-42857 due to the HTML sanitizer in clean_thread_html_body() not removing tags from user-generated discussion content in email notifications. This allows enrolled students to inject arbitrary CSS into emails rendered with Django’s |safe template filter, e...

CVSS 5.4 | AI score 5.9 | EPSS 0.0003
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/03/12 5:20 p.m. | 2 views

CVE-2026-31873 Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity

Unhead is a document head and template manager. Prior to 2.1.11, the link.href check in makeTagSafe (safe.ts) uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/07 9:30 a.m. | 7 views

CVE-2019-16250

includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence...

CVSS 7.5 | AI score 7.4 | EPSS 0.00396
Exploits: 1 | References: 1
Positive Technologies
added 2023/11/22 12:0 a.m. | 4 views

PT-2023-32551 · WordPress · Mainwp Dashboard

Name of the Vulnerable Software and Affected Versions: MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress versions up to, and including, 4.5.1.2
Description: The issue allows authenticated attackers with administrator-level access to inject arbitrary CSS...

CVSS 4.8 | AI score 4.9 | EPSS 0.00138
Exploits: 0 | References: 5