Lucene search
K

96 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.20 views

RHEL 5 : libcroco (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libcroco: Infinite loop in the crparserparseselectorcore function CVE-2017-8871 - The crinputnewfromuri...

7.8CVSS7AI score0.12996EPSS
Exploits7References4
BDU FSTEC
BDU FSTEC
added 2023/11/11 12:0 a.m.6 views

The vulnerability in the cr_tknzr_parse_comment function of the cr-tknzr.c component, a library for working with cascading tables in CSS2 Libcroco, allows a hacker to cause a service failure.

The vulnerability of the crtknzrparsecomment function in the cr-tknzr.c component of the Libcroco library for working with cascading tables in css2 is related to the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause servic...

7.8CVSS6.8AI score0.03844EPSS
Exploits4References10Affected Software3
NVD
NVD
added 2023/02/09 8:15 p.m.32 views

CVE-2023-24689

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx...

4.3CVSS4.6AI score0.00729EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/02/09 12:0 a.m.22 views

CVE-2023-24689

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx...

4.9AI score0.00729EPSS
Exploits1References2
CVE
CVE
added 2023/02/09 12:0 a.m.124 views

CVE-2023-24689

The CVE-2023-24689 entry concerns mojoPortal

4.3CVSS4.6AI score0.00729EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2023/01/03 9:15 a.m.16 views

CVE-2012-10002

A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument setcss leads to cross site scripting. The attack can be launched remotely. The patch is named...

6.1CVSS4.5AI score0.00523EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.4 views

RivetTracker 跨站脚本漏洞

RivetTracker is a modified version of PHPBTracker by Azizul Hakimi Mohd Yussuf Izzudin, an individual developer. RivetTracker suffers from a cross-site scripting vulnerability that stems from a problem with the function changeColor in the file css.php, where the operation of the parameter setcss...

6.1CVSS4.2AI score0.00523EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/04/26 12:0 a.m.42 views

Ubuntu 16.04 ESM : Libcroco vulnerabilities (USN-5389-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5389-1 advisory. It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An...

7.1CVSS7AI score0.12996EPSS
Exploits7References5
OSV
OSV
added 2021/12/14 4:15 p.m.6 views

CVE-2021-39318

The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1CVSS5.8AI score0.00757EPSS
Exploits0References2
Prion
Prion
added 2021/12/14 4:15 p.m.18 views

Cross site scripting

The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

4.3CVSS6.1AI score0.00757EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/12/14 3:50 p.m.22 views

CVE-2021-39318 H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting

The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1CVSS6.2AI score0.00757EPSS
Exploits0References2
NVD
NVD
added 2021/09/20 10:15 a.m.21 views

CVE-2021-24638

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website...

9.1CVSS0.01762EPSS
Exploits2References1
NVD
NVD
added 2021/07/31 5:15 p.m.32 views

CVE-2020-26564

ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have !ENTITY content, create a .xml file for a generic survey template containing a link to this .css file, and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey'importFile'...

6.5CVSS0.01121EPSS
Exploits5References2
Cvelist
Cvelist
added 2021/07/31 4:28 p.m.47 views

CVE-2020-26564

ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have !ENTITY content, create a .xml file for a generic survey template containing a link to this .css file, and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey'importFile'...

6.5AI score0.01121EPSS
Exploits5References2
Rosalinux
Rosalinux
added 2021/07/02 5:11 p.m.44 views

Advisory ROSA-SA-2021-1865

Software: libcroco 0.6.12 OS: Cobalt 7.9 CVE-ID: CVE-2017-7960 CVE-Crit: MEDIUM CVE-DESC: The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer re-read via a crafted CSS file. CVE-STATUS: default CVE-REV:...

7.1CVSS7.1AI score0.12996EPSS
Exploits7
FireEye
FireEye
added 2021/01/26 12:0 a.m.66 views

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic websites and stole personal information such as credit card data. The stolen...

6.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/06/18 12:0 a.m.29 views

SUSE SLED15 / SLES15 Security Update : libcroco (SUSE-SU-2020:1535-1)

This update for libcroco fixes the following issues : Security issues fixed : CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. Note that...

7.1CVSS6.2AI score0.12996EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2020/03/13 12:0 a.m.37 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libcroco (EulerOS-SA-2020-1251)

According to the versions of the libcroco package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - DISPUTED The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an 'outside the range of...

7.8CVSS7AI score0.02001EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2019-2284)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS6.7AI score0.12996EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2019-2520)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.2AI score0.12996EPSS
Exploits7References2
Rows per page
Query Builder