CVE-2022-46162
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
CSS Injection
contao/comments-bundle is vulnerable to CSS Injection. The vulnerability is due to insufficient input validation and sanitization within the BBCode parsing mechanism in Comments.php, allowing attackers to inject CSS styles via comments...
GHSA-J55W-HJPJ-825G Contao: Insufficient BBCode sanitizer
Impact: If BBCode is enabled for comments, users can inject CSS styles. Patches: Update to Contao 4.13.40 or 5.3.4. Workarounds: Disable BBCode for comments. References: https://contao.org/en/security-advisories/insufficient-bbcode-sanitization. For more information: If you have any questions or commen...
CVE-2024-28234
Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. A...
CVE-2024-28234
Contao is affected when BBCode is enabled for comments, allowing CSS injection via BBCode in user comments. The issue affects Contao 2.0.0 and earlier, and versions prior to 4.13.40 and 5.3.4. Patch versions are Contao 4.13.40 and 5.3.4, which fix the vulnerability. As a workaround, disable BBCod...
Contao security vulnerability
Contao is an open source content management system (CMS) developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from the ability t...
Insufficient BBCode sanitization
Date: 2024-04-09. CVE ID: CVE-2024-28234. If BBCode is enabled for comments, users can inject CSS styles. Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao 4.9, Contao 4.10, Contao 4.11, Contao 4.12, Contao 4.13 up to 4.13.39...
PT-2024-22349 · Contao · Contao
Name of the Vulnerable Software and Affected Versions: Contao versions 2.0.0 through 4.13.39; Contao versions 5.0.0 through 5.3.3. Description: The issue allows injection of CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled for comments. Recommendations: For...
CVE-2024-26495
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12 allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function...
Friendica security vulnerability
Friendica is an application from the German Friendica community that provides decentralized social networking. A security vulnerability exists in Friendica versions after v.2023.12. A remote attacker could exploit the vulnerability to execute arbitrary code and obtain sensitive information via BBCode...
CVE-2024-26495
CVE-2024-26495 affects Friendica versions after 2023.12. The vulnerability is Cross Site Scripting (XSS) in BBCode handling for post content and comments, enabling a remote attacker to obtain sensitive information. The root cause is an XSS flaw in processing BBCode; exploitation details are not p...
PT-2024-21407 · Friendica · Friendica
Name of the Vulnerable Software and Affected Versions: Friendica versions after v.2023.12. Description: The issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function. This is a Cross Site Scripting X...
BIT-LIVEHELPERCHAT-2020-26134
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode...
AsmBB cross-site scripting vulnerability
AsmBB is an open source modern web forum engine by johnfound. AsmBB v2.9.1 has a security vulnerability that stems from security problems in MiniMag.asm and bbcode.asm, resulting in cross-site scripting (XSS)...