Lucene search
K

442 matches found

CVE
CVE
added 2026/02/12 8:30 p.m.20 views

CVE-2026-26000

CVE-2026-26000 : XWiki Platform is vulnerable to CSS-injection in comments that can transform the entire wiki UI into a clickable link area leading to a malicious page. Affected versions are prior to 17.9.0, 17.4.6, and 16.10.13. The root cause is a comment-based CSS injection that enables a clic...

6.1CVSS5.5AI score0.00279EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/12 8:30 p.m.3 views

CVE-2026-26000

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in...

5.3CVSS5.5AI score0.00279EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/12 8:30 p.m.4 views

CVE-2026-26000 XWiki Platform affected by click-jacking through CSS injection in comments

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in...

5.3CVSS5.5AI score0.00279EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/12 8:30 p.m.31 views

CVE-2026-26000 XWiki Platform affected by click-jacking through CSS injection in comments

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in...

5.3CVSS0.00279EPSS
Exploits0References2
OSV
OSV
added 2026/02/12 3:54 p.m.4 views

GHSA-74RH-C5RH-88VG XWiki vulnerable to click-jacking through CSS injection in comments

Impact It's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. All versions of XWiki are impacted by this kind of attack. Patches The problem has been patched not by preventing injecting CSS in comments, which is currently a featur...

5.3CVSS5.7AI score0.00279EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/02/12 12:25 a.m.10 views

SUSE CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS5.4AI score0.00292EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.7 views

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.9.0, 17.4.6, and 16.10.13 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of using CSS injection via comments,...

6.1CVSS5.8AI score0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.12 views

PT-2026-7901

Name of the Vulnerable Software and Affected Versions XWiki Platform versions prior to 17.9.0 XWiki Platform versions prior to 17.4.6 XWiki Platform versions prior to 16.10.13 Description The XWiki Platform is a generic wiki platform. A flaw exists where comments can be used to inject CSS,...

7.5CVSS5.3AI score0.00279EPSS
Exploits0References20
NVD
NVD
added 2026/02/11 5:16 a.m.8 views

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS0.00292EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/02/11 4:27 a.m.4 views

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS5.4AI score0.00292EPSS
Exploits0References9
OSV
OSV
added 2026/02/11 4:27 a.m.8 views

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS5.4AI score0.00292EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.4 views

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS5.8AI score0.00292EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/02/09 12:0 a.m.4 views

FreeBSD : Roundcube -- Multiple vulnerabilities (f301a241-04d3-11f1-a38c-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f301a241-04d3-11f1-a38c-8447094a420f advisory. The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass vi...

5.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2026/02/08 12:0 a.m.7 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass via SVG content...

5.3AI score
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 8:2 a.m.21 views

CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

5.5CVSS0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

Beckhoff Automation TwinCAT 3 HMI Server Cross-site Scripting Vulnerability

Beckhoff Automation TwinCAT 3 HMI Server is a data transmission and permission management component developed by the American company Beckhoff Automation. The Beckhoff Automation TwinCAT 3 HMI Server has a cross-site scripting vulnerability. This vulnerability allows authenticated administrators ...

5.5CVSS5.9AI score0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.10 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6.3AI score0.00849EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/01/08 10:16 a.m.7 views

WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

CSS Injection vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Easy Media Download versions = 1.1.11...

5.4CVSS7.3AI score0.00243EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/01/08 9:17 a.m.23 views

CVE-2025-69169

CVE-2025-69169 pertains to the WordPress plugin Easy Media Download (easy-media-download). It describes an authenticated (Contributor+) stored cross-site scripting (XSS) flaw affecting version 1.1.11 or earlier, where user-supplied input (likely via shortcode/HTML elements) can be stored and late...

5.4CVSS6AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/08 9:17 a.m.31 views

CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through = 1.1.11...

5.4CVSS0.00243EPSS
Exploits0References1
Rows per page
Query Builder