Lucene search
K

9 matches found

CVE
CVE
added 11 hours ago8 views

CVE-2026-44767

The CVE-2026-44767 issue arises from setThemeRoot() not enforcing the sap-allowed-theme-origins allowlist, allowing an attacker-controlled absolute cross-origin URL to be stored and used in a element even without a sap-allowed-theme-origins meta tag. The same bypass is reachable via the ?sap-the...

6.1CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 11 hours ago9 views

CVE-2026-44767 Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.8 views

CVE-2025-68467

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

3.4CVSS5.8AI score0.00108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 9:53 p.m.4 views

CVE-2025-68467

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

3.4CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.9 views

PT-2026-23066

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

3.4CVSS5.8AI score0.00108EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.5 views

SUSE CVE-2010-0651

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive...

4.3CVSS6AI score0.0175EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.7 views

SUSE CVE-2010-0653

Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document...

4.3CVSS6.6AI score0.01829EPSS
Exploits1References4
OSV
OSV
added 2016/05/31 12:0 a.m.6 views

UBUNTU-CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

5.3CVSS7.3AI score0.01127EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/07/21 1:0 a.m.12 views

firefox: cross-domain information disclosure

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which...

4.3CVSS7.4AI score0.01867EPSS
Exploits2References4
Rows per page
Query Builder