432 matches found
DEBIAN-CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
Design/Logic Flaw
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
CVE-2022-31744 involves an CSS injection flaw that could let an attacker inject CSS into stylesheets accessible via internal URIs (e.g., resource:) and bypass a page's Content Security Policy. Affected products include Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Fire...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
CVE-2022-46162
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
Design/Logic Flaw
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
PT-2022-27779 · Discourse · Discourse-Bbcode
Name of the Vulnerable Software and Affected Versions: discourse-bbcode versions prior to commit 91478f5 Description: The issue affects sites with the discourse-bbcode plugin installed and enabled, allowing CSS injection when rendering content generated with the plugin. As a workaround, enabling...
CVE-2022-46162
CVE-2022-46162 concerns the discourse-bbcode plugin for Discourse. Prior to commit 91478f5, rendering content generated with the plugin could trigger CSS injection, affecting sites with the plugin installed and enabled. The issue is patched in commit 91478f5. A practical workaround is to enable a...
CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
CVE-2022-35739
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets CSS data is inserted into the style tag, loading...
CVE-2022-35739
PRTG Network Monitor vulnerable through version 22.2.77.2204 where custom input on a device icon can inject arbitrary CSS into the device’s style tag. When the device page loads, the injected CSS may load malicious content. The issue cannot be escalated to XSS due to input restrictions and browse...
CVE-2022-2543
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts...
CVE-2022-2597
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts...