432 matches found

Cvelist
added 2025/01/09 11:10 a.m., 11 views

CVE-2024-12249 GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS: 4.3 | EPSS: 0.00324
Exploits: 0 | References: 3
Vulnrichment
added 2025/01/09 11:10 a.m., 3 views

CVE-2024-12249 GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS: 4.3 | AI score: 4.4 | EPSS: 0.00324
Exploits: 0 | References: 3
Patchstack
added 2025/01/08 10:48 p.m., 2 views

WordPress GS Insever Portfolio plugin <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection vulnerability

Missing Authorization to Authenticated Subscriber+ CSS Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Insever Portfolio versions = 1.4.5...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00324
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2024/10/16 12:00 a.m., 4 views

The vulnerability of the SAP NetWeaver AS ABAP software integration platform, related to deficiencies in access control, allows a perpetrator to gain read, modify, or delete access to data.

The vulnerability of the SAP NetWeaver AS ABAP software integration platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain read, modify, or delete access to data by injecting CSS code or loading a specially created malicious page...

CVSS: 4.7 | AI score: 5.5 | EPSS: 0.00302
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2024/10/14 12:37 a.m., 3 views

WordPress Stackable plugin <= 3.13.6 - Unauthenticated CSS Injection vulnerability

Unauthenticated CSS Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Stackable versions = 3.13.6...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.00451
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2024/10/12 9:15 a.m., 9 views

CVE-2024-8760

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration...

CVSS: 5.3 | EPSS: 0.00451
Exploits: 0 | References: 2
Vulnrichment
added 2024/10/12 8:41 a.m., 8 views

CVE-2024-8760 Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00451
Exploits: 0 | References: 2
CVE
added 2024/10/12 8:41 a.m., 64 views

CVE-2024-8760

CVE-2024-8760 covers Stackable – Page Builder Gutenberg Blocks (WordPress) with unauthenticated CSS Injection in versions

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00451
Exploits: 0 | References: 2
Cvelist
added 2024/10/12 8:41 a.m., 19 views

CVE-2024-8760 Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration...

CVSS: 5.3 | EPSS: 0.00451
Exploits: 0 | References: 2
Tenable Nessus
added 2024/07/11 12:00 a.m., 25 views

Amazon Linux 2 : firefox (ALASFIREFOX-2024-026)

The version of firefox installed on the remote host is prior to 115.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-026 advisory. RESERVEDNOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/CVE-2022-2205 CVE-2022-2205 An attack...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.0107
Exploits: 1 | References: 22
IBM Security Bulletins
added 2024/05/30 3:24 p.m., 18 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to information disclosure due to Springfox Swagger (CVE-2019-17495)

Summary IBM Sterling B2B Integrator uses Springfox Swagger. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. ...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.0558
Exploits: 1 | Affected Software: 1
NVD
added 2024/05/14 3:39 p.m., 20 views

CVE-2024-34697

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

CVSS: 7.6 | AI score: 7.8 | EPSS: 0.00575
Exploits: 1 | References: 2
Cvelist
added 2024/05/13 3:45 p.m., 50 views

CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

CVSS: 7.6 | AI score: 7.9 | EPSS: 0.00575
Exploits: 1 | References: 2
Tenable Nessus
added 2024/05/11 12:00 a.m., 44 views

RHEL 6 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - firefox: Possible integer overflow to fix inside XMLParse in Expat CVE-2016-9063 - firefox: arbitrary cod...

AI score: 8 | EPSS: 0.05542
Exploits: 0 | References: 10
Tenable Nessus
added 2024/05/11 12:00 a.m., 29 views

RHEL 9 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 - Angle brackets are not...

AI score: 9.2 | EPSS: 0.01548
Exploits: 0 | References: 10
Tenable Nessus
added 2024/04/26 12:00 a.m., 34 views

CentOS 9 : toolbox-0.0.99.4-5.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.4-5.el9 build changelog. - Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separate...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.01548
Exploits: 0 | References: 4
Veracode
added 2024/04/10 7:40 a.m., 24 views

CSS Injection

contao/comments-bundle is vulnerable to CSS Injection. The vulnerability is due to insufficient input validation and sanitization within the BBCode parsing mechanism in Comments.php, allowing attackers to inject CSS styles via comments...

CVSS: 4.7 | AI score: 7 | EPSS: 0.00572
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2024/04/09 2:15 p.m., 15 views

CVE-2024-28234

Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. A...

CVSS: 4.7 | AI score: 4.5 | EPSS: 0.00572
Exploits: 0 | References: 4
Cvelist
added 2024/04/09 1:59 p.m., 23 views

CVE-2024-28234 Contao has insufficient BBCode sanitizer

Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. A...

CVSS: 4.3 | AI score: 4.8 | EPSS: 0.00572
Exploits: 0 | References: 4
CVE
added 2024/04/09 1:59 p.m., 62 views

CVE-2024-28234

Contao is affected when BBCode is enabled for comments, allowing CSS injection via BBCode in user comments. The issue affects Contao 2.0.0 and earlier, and versions prior to 4.13.40 and 5.3.4. Patch versions are Contao 4.13.40 and 5.3.4, which fix the vulnerability. As a workaround, disable BBCod...

CVSS: 4.7 | AI score: 4.4 | EPSS: 0.00572
Exploits: 0 | References: 4 | Affected Software: 1