Lucene search
K

437 matches found

SUSE CVE
SUSE CVE
added 2026/02/12 12:25 a.m.7 views

SUSE CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS5.4AI score0.00292EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.12 views

PT-2026-7901

Name of the Vulnerable Software and Affected Versions XWiki Platform versions prior to 17.9.0 XWiki Platform versions prior to 17.4.6 XWiki Platform versions prior to 16.10.13 Description The XWiki Platform is a generic wiki platform. A flaw exists where comments can be used to inject CSS,...

7.5CVSS5.3AI score0.00279EPSS
Exploits0References20
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.6 views

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.9.0, 17.4.6, and 16.10.13 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of using CSS injection via comments,...

6.1CVSS5.8AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/02/11 5:16 a.m.8 views

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS0.00292EPSS
Exploits0References9
OSV
OSV
added 2026/02/11 5:16 a.m.7 views

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS5.4AI score
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/02/11 4:27 a.m.4 views

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS5.4AI score0.00292EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.3 views

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS5.8AI score0.00292EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/02/09 12:0 a.m.4 views

FreeBSD : Roundcube -- Multiple vulnerabilities (f301a241-04d3-11f1-a38c-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f301a241-04d3-11f1-a38c-8447094a420f advisory. The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass vi...

5.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2026/02/08 12:0 a.m.7 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass via SVG content...

5.3AI score
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 8:2 a.m.21 views

CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

5.5CVSS0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

Beckhoff Automation TwinCAT 3 HMI Server Cross-site Scripting Vulnerability

Beckhoff Automation TwinCAT 3 HMI Server is a data transmission and permission management component developed by the American company Beckhoff Automation. The Beckhoff Automation TwinCAT 3 HMI Server has a cross-site scripting vulnerability. This vulnerability allows authenticated administrators ...

5.5CVSS5.9AI score0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.10 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6.3AI score0.00849EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/01/08 10:16 a.m.7 views

WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

CSS Injection vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Easy Media Download versions = 1.1.11...

5.4CVSS7.3AI score0.00243EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/01/08 9:17 a.m.30 views

CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through = 1.1.11...

5.4CVSS0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.2 views

CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through = 1.1.11...

5.4CVSS6AI score0.00243EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 9:17 a.m.21 views

CVE-2025-69169

CVE-2025-69169 pertains to the WordPress plugin Easy Media Download (easy-media-download). It describes an authenticated (Contributor+) stored cross-site scripting (XSS) flaw affecting version 1.1.11 or earlier, where user-supplied input (likely via shortcode/HTML elements) can be stored and late...

5.4CVSS6AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.7 views

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...

7.5CVSS6.9AI score0.01077EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/12/19 9:32 p.m.6 views

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

Impact Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some of DOM modifications for the link button next to the field e.g. the link address can be overriden. CSS can be manipulated to give the button arbitrary look and change it's size so that any...

6.9AI score
Exploits0References8Affected Software1
EUVD
EUVD
added 2025/12/19 9:32 p.m.5 views

EUVD-2025-204591

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature...

6.8AI score
Exploits0References8
NVD
NVD
added 2025/12/09 12:15 a.m.8 views

CVE-2025-66469

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

6.1CVSS0.00224EPSS
Exploits1References2
Rows per page
Query Builder