Lucene search
K

437 matches found

Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38404

Name of the Vulnerable Software and Affected Versions css parser versions prior to 1.22.0 css parser versions prior to 2.1.0 Description The software fails to validate HTTPS connections when loading stylesheets, which allows a Man-in-the-Middle MITM attacker to inject or modify CSS content. This...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.6 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Roundcube Webmail vulnerabilities (USN-8223-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8223-1 advisory. It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibl...

9.3CVSS5.4AI score0.5281EPSS
Exploits6References8
OSV
OSV
added 2026/04/29 1:50 p.m.7 views

USN-8223-1 roundcube vulnerabilities

It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibly use this issue to cause a homograph attack. CVE-2019-15237 It was discovered that Roundcube Webmail did not properly sanitize certain attributes when handling CSS within HTML messages and...

9.3CVSS7AI score0.5281EPSS
Exploits6References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-37156

Name of the Vulnerable Software and Affected Versions locize versions prior to 4.0.21 Description The locize client SDK registers a window.addEventListener"message", … handler that dispatches to internal handlers such as editKey, commitKey, commitKeys, isLocizeEnabled, and requestInitialize witho...

7.5CVSS5.8AI score0.00101EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/21 3:52 p.m.34 views

CVE-2026-40565 FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

6.1CVSS0.00199EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 3:52 p.m.5 views

CVE-2026-40565 FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

6.1CVSS5.9AI score0.00199EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 3:52 p.m.11 views

CVE-2026-40565

FreeScout vulnerability CVE-2026-40565 affects versions prior to 1.8.213. The issue occurs in linkify() (app/Misc/Helper.php): plain-text URLs in email bodies are converted to HTML anchor tags without escaping double-quote (") characters, and because HTMLPurifier runs first via getCleanBody(), th...

6.1CVSS5.9AI score0.00199EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/21 3:16 a.m.6 views

CVE-2026-40497

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's Helper::stripDangerousTags removes , , , but does NOT strip tags. The mailbox signature field is saved via POST /mailbox/settings/id and later rendered unescaped via !!...

8.1CVSS0.00243EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 1:45 a.m.13 views

CVE-2026-40497

Summary (concrete details available) : FreeScout prior to version 1.8.213 is vulnerable to CSS injection in the mailbox signature due to incomplete stripping of dangerous tags: stripDangerousTags() removes script/form/iframe/object but not style, allowing inline CSS to exfiltrate CSRF tokens. An ...

8.1CVSS5.9AI score0.00243EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/17 8:51 p.m.21 views

CVE-2026-40301 rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to...

4.7CVSS0.00271EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 8:51 p.m.13 views

CVE-2026-40301

Summary of CVE-2026-40301 : The PHP library rhukster/dom-sanitizer (and related advisories) contains a flaw prior to version 1.0.10 where DOMSanitizer::sanitize() does not inspect the text content of elements inside SVG. As a result, CSS rules using url() and @import can reference attacker-contr...

4.7CVSS5.7AI score0.00271EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/10 9:8 p.m.11 views

rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives

Summary DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to attacker-controlled hosts when the sanitized SVG is rendered. Details In...

4.7CVSS6AI score0.00271EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 7:35 p.m.3 views

CVE-2026-39840 CSS injection in multiple Cargo display formats

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

5.1CVSS5.9AI score0.00158EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/07 7:35 p.m.16 views

CVE-2026-39840 CSS injection in multiple Cargo display formats

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

5.1CVSS0.00158EPSS
Exploits1References2
CVE
CVE
added 2026/04/06 5:20 p.m.45 views

CVE-2026-35046

CVE-2026-35046 affects Tandoor Recipes prior to version 2.6.4. Authenticated users can inject arbitrary tags into recipe step instructions. The bleach.clean() sanitizer explicitly whitelists , allowing the backend to persist and serve unsanitized CSS payloads via the API. Clients rendering instr...

5.4CVSS6.1AI score0.00173EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 5:20 p.m.4 views

CVE-2026-35046 Tandoor has a Stored CSS Injection via <style> Tag in Recipe Instructions (API-Level)

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...

5.4CVSS6.1AI score0.00173EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/03 6:31 a.m.6 views

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the CSS sanitization process for HTML email messages. An attacker can inject malicious CSS by crafting specially formatted HTML emails that exploit the lack of proper sanitization,...

6.9CVSS5.9AI score0.00366EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.5 views

CVE-2026-31873

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

6.1CVSS6AI score0.00237EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 6:16 p.m.10 views

CVE-2026-31873

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

6.1CVSS0.00237EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/12 5:20 p.m.28 views

CVE-2026-31873 Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

0.00237EPSS
Exploits1References1
Rows per page
Query Builder