
10 matches found

Vulnrichment
added 2025/04/26 12:0 a.m., 4 views

CVE-2025-46654

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file...

CVSS 4.9, AI score 5, EPSS 0.00212
Exploits: 1, References: 2

Huntr
added 2023/02/09 6:3 p.m., 30 views

File Upload lead to Stored XSS bypass csp

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. 1-Login to your application and create a Store called “Test” make all the...

CVSS 4.9, AI score 5.3, EPSS 0.00476
Exploits: 1, References: 1

Debian CVE
added 2022/05/26 12:0 a.m., 44 views

CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

CVSS 6.1, AI score 5.6, EPSS 0.01594
Exploits: 0

Ubuntu
added 2021/12/09 6:55 p.m., 83 views

USN-5186-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary cod...

CVSS 8.8, AI score 7.5, EPSS 0.0202
Exploits: 0

OSV
added 2019/09/04 12:0 a.m., 3 views

UBUNTU-CVE-2019-11738

If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...

CVSS 6.3, AI score 7.4, EPSS 0.01447
Exploits: 1, References: 4

NVD
added 2019/02/28 6:29 p.m., 21 views

CVE-2018-12398

By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox 63...

CVSS 6.5, AI score 7.1, EPSS 0.01617
Exploits: 0, References: 6

Cvelist
added 2019/02/28 6:0 p.m., 23 views

CVE-2018-12398

By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox 63...

AI score 7.1, EPSS 0.01617
Exploits: 0, References: 6

CVE
added 2019/02/28 6:0 p.m., 151 views

CVE-2018-12398

CVE-2018-12398 affects Firefox versions earlier than 63.0 and allows CSP bypass via stylesheet injection using a reflected URL in certain resource URIs (e.g., chrome:). Affected products are Firefox

CVSS 6.5, AI score 7, EPSS 0.01617
Exploits: 0, References: 6, Affected Software: 1

OpenVAS
added 2018/10/26 12:0 a.m., 52 views

Ubuntu: Security Advisory (USN-3801-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 7.8, EPSS 0.03924
Exploits: 0, References: 2

UbuntuCve
added 2018/10/24 12:0 a.m., 28 views

CVE-2018-12398

By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox 63...

CVSS 6.5, AI score 6.9, EPSS 0.01617
Exploits: 0, References: 3