23 matches found
CVE-2026-28348 lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes
lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the _has_sneaky_javascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...
CVE-2025-66376
Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message...
PT-2026-1290
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions prior to 10.0.18; Zimbra Collaboration (ZCS) versions prior to 10.1.13. Description: The software contains a stored cross-site scripting (XSS) issue within the Classic UI. This occurs due to Cascading Style Sheets CS...
CVE-2025-66376
Zimbra Collaboration (ZCS) is affected in versions prior to 10.0.18 and prior to 10.1.13. The issue is a stored XSS in the Classic UI triggered by CSS @import directives in HTML emails, caused by improper handling of CSS imports. Impact is stored cross-site scripting within email rendering. Remed...
Zimbra Collaboration Cross-Site Scripting Vulnerability
Zimbra Collaboration is an open source enterprise email and collaboration platform from Zimbra that supports email, calendaring, document management, and team collaboration features. A cross-site scripting vulnerability exists in Zimbra Collaboration versions prior to 10.0.18 and prior to 10.1.13...
MAL-2025-6124 Malicious code in shopify-css-import (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 02612f811f0437cad89ff886ab8950df3e8e2a8ecc3c285747a833e50420ee7b Any computer that has this package installed or running should be considered...
SUSE CVE-2016-5127
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...
chromium-browser: use-after-free in blink
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...
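Microsoft Internet Explorer CSS Import Handling Denial of Service Vulnerability
Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer has a segmentation fault when handling specially crafted CSS imports, which allows an attacker to build a malicious web page and, by enticing a user to parse it, crash the application. Triggering this vulnerability requires some user interaction, and at present it does not appear usable for code execution. Microsoft Internet Explorer 6, Microsoft Internet Explorer 7, Microsoft Internet Explorer 8. Vendor solution: no detailed solution is currently available: http://www.microsoft.com/...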
Internet Explorer CSS Recursive Import Use After Free
$Id: ms11_003_ie_css_import.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
This host has installed with Internet Explorer and is prone to Use-after-free Vulnerability. This NVT has been replaced by NVT secpodms11-003.nasl OID:1.3.6.1.4.1.25623.1.0.901180. OpenVAS Vulnerability Test $Id: secpodmsieuseafterfreedosvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Microsoft...
Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
This host has installed with Internet Explorer and is prone to a use after free vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.901180. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced...
Internet Explorer CSS Recursive Import Memory Corruption (CVE-2010-3971)
Microsoft Internet Explorer is the most widely used Internet browser. A memory corruption vulnerability has been reported in the way Microsoft Internet Explorer parses HTML pages that contain recursive CSS import. The vulnerability is due to the creation of uninitialized memory during a CSS...
Microsoft Internet Explorer CSS use-after-free vulnerability
Overview: Microsoft Internet Explorer contains a use-after-free vulnerability in the handling of CSS, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description: Microsoft Internet Explorer contains a vulnerability caused by a use-after-free error within the mshtml.dl...