437 matches found
SUSE CVE-2026-26079
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...
PT-2026-7901
Name of the Vulnerable Software and Affected Versions XWiki Platform versions prior to 17.9.0 XWiki Platform versions prior to 17.4.6 XWiki Platform versions prior to 16.10.13 Description The XWiki Platform is a generic wiki platform. A flaw exists where comments can be used to inject CSS,...
XWiki Platform 安全漏洞
The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.9.0, 17.4.6, and 16.10.13 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of using CSS injection via comments,...
CVE-2026-26079
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...
CVE-2026-26079
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...
CVE-2026-26079
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...
CVE-2026-26079
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...
FreeBSD : Roundcube -- Multiple vulnerabilities (f301a241-04d3-11f1-a38c-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f301a241-04d3-11f1-a38c-8447094a420f advisory. The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass vi...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass via SVG content...
CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server
An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...
Beckhoff Automation TwinCAT 3 HMI Server Cross-site Scripting Vulnerability
Beckhoff Automation TwinCAT 3 HMI Server is a data transmission and permission management component developed by the American company Beckhoff Automation. The Beckhoff Automation TwinCAT 3 HMI Server has a cross-site scripting vulnerability. This vulnerability allows authenticated administrators ...
CVE-2022-31108
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...
WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability
CSS Injection vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Easy Media Download versions = 1.1.11...
CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through = 1.1.11...
CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through = 1.1.11...
CVE-2025-69169
CVE-2025-69169 pertains to the WordPress plugin Easy Media Download (easy-media-download). It describes an authenticated (Contributor+) stored cross-site scripting (XSS) flaw affecting version 1.1.11 or earlier, where user-supplied input (likely via shortcode/HTML elements) can be stored and late...
CVE-2019-16108
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
Impact Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some of DOM modifications for the link button next to the field e.g. the link address can be overriden. CSS can be manipulated to give the button arbitrary look and change it's size so that any...
EUVD-2025-204591
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature...
CVE-2025-66469
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...