Lucene search

432 matches found

OSV · added 2022/06/01 12:00 a.m. · 1 views

UBUNTU-CVE-2022-31744

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...

CVSS 6.5 · AI score 6.7 · EPSS 0.0058 · Exploits 0 · References 5
Mozilla · added 2022/05/31 12:00 a.m. · 329 views

Security Vulnerabilities fixed in Firefox 101 — Mozilla

A malicious website could have learned the size of a cross-origin resource that supported Range requests. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. When exiting fullscreen mode, an iframe could have...

CVSS 9.8 · AI score 0.3 · EPSS 0.01055 · Exploits 0 · References 13 · Affected Software 1
Tenable Nessus · added 2022/05/31 12:00 a.m. · 39 views

Mozilla Firefox < 101.0

The version of Firefox installed on the remote Windows host is prior to 101.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-20 advisory. - Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported...

CVSS 9.8 · AI score 7.5 · EPSS 0.01107 · Exploits 0 · References 14
Tenable Nessus · added 2022/05/31 12:00 a.m. · 46 views

Mozilla Firefox < 101.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 101.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-20 advisory. - Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Tea...

CVSS 9.8 · AI score 7.5 · EPSS 0.01107 · Exploits 0 · References 14
Positive Technologies · added 2022/05/19 12:00 a.m. · 1 views

PT-2022-13871 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 1.0.2 through 14.8.6, GitLab CE/EE versions 14.9.0 through 14.9.4, GitLab CE/EE versions 14.10.0 through 14.10.1. Description: The issue is related to missing sanitization of data in Pipeline error messages, allowing for th...

CVSS 5.4 · AI score 5.2 · EPSS 0.00708 · Exploits 1 · References 8
Github Security Blog · added 2022/05/14 1:18 a.m. · 27 views

phpMyAdmin CSS Injection Vulnerability

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters...

CVSS 6.1 · AI score 7.2 · EPSS 0.00986 · Exploits 0 · References 4 · Affected Software 1
Hacker One · added 2022/04/07 2:23 p.m. · 30 views

GitLab: Content injection in Jira issue title enabling sending arbitrary POST request as victim

Summary The issue described here leads to the same outcome as my previous report, https://hackerone.com/reports/1409788 . So look into that one for further details on the JavaScript gadgets. Also see my report https://hackerone.com/reports/1481207 for a detailed rundown of injections in GitLab...

CVSS 3.5 · AI score 0.1 · EPSS 0.06189 · Exploits 0
Huntr · added 2022/01/03 2:47 p.m. · 16 views

in slidevjs/slidev

Description Vulnerability: CSS injection and Limited XSS via postMessage While reading the code, I came across the packages/client/iframes/monaco/index.ts file, where a message eventListener is being used. The callback function adds the content of the message inside tag. This way, the attacker can post a...

AI score 0.6 · Exploits 0
OSV · added 2022/01/03 1:15 p.m. · 4 views

CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if...

CVSS 6.1 · AI score 5.8 · EPSS 0.01216 · Exploits 2 · References 1
Hacker One · added 2021/11/16 7:39 a.m. · 33 views

Rocket.Chat: Persistent CSS injection with ’marked’ markdown parser in Rocket.Chat

Summary: Rocket.Chat offers two different markdown parsers out of the box: the ’original’ one and the ’marked’ one. Both markdown parsers offer a different set of features with different restrictions. Due to more loose restrictions in the ’marked’ parser, a persistent CSS injection in the web...

CVSS 4.9 · AI score 0.9 · EPSS 0.00533 · Exploits 1
Hacker One · added 2021/10/24 12:28 p.m. · 5 views

Rocket.Chat: Impersonation in Sequential Messages

The vulnerability allowed an attacker to impersonate another user in sequential messages. The vulnerability existed in Rocket.Chat versions 3.18.2 and 4.0.3. It was caused by the ability to hide the leading message in a sequence using the customClass or className message attributes, making the...

AI score 6.9 · Exploits 0
Hacker One · added 2021/07/03 5:36 p.m. · 17 views

Glassdoor: CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com

Summary: It is possible to load an arbitrary .css file, bypassing the protections by adding the domain https://www.glassdoor.com in a parameter/path. Affected URL or select Asset from In-Scope: -...

AI score 0.4 · Exploits 0
Hacker One · added 2021/06/26 3:13 p.m. · 21 views

Acronis: CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud

Summary Hi team, I hope everything goes well. I have found a CSS Injection in Acronis Cloud Management Console https://mc-beta-cloud.acronis.com/mc via the colorscheme GET parameter. Description: The flow works as I will comment below. If we go to the URL...

AI score 7.2 · Exploits 0
IBM Security Bulletins · added 2021/01/18 7:09 a.m. · 31 views

Security Bulletin: Vulnerabilities in IBM WebSphere Liberty affect IBM Watson Machine Learning Accelerator

Summary There are vulnerabilities in IBM WebSphere Liberty used by IBM Watson Machine Learning Accelerator 1.2.2, and IBM Watson Machine Learning Accelerator 2.2.0 has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4663 DESCRIPTION: IBM WebSphere Application Server - Liberty...

CVSS 9.8 · AI score 0.7 · EPSS 0.07055 · Exploits 1 · Affected Software 1
Hacker One · added 2020/11/11 2:32 p.m. · 10 views

Rocket.Chat: CSS Injection in Message Avatar

The custom message avatars in the Meteor.method "sendMessage" can contain inline CSS that influences the resulting HTML element rendering. Escaping the input with "none;" allows further CSS to be applied to the elements inline styles, without requiring certain characters such as whitespace...

AI score 6.8 · Exploits 0
Snyk · added 2020/08/06 6:58 a.m. · 2 views

CSS Injection

Overview chartkick is a Ruby gem that allows creation of JavaScript charts. Affected versions of this package are vulnerable to CSS Injection. Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. An attacker can set additional CSS properties, like:...

CVSS 8.2 · AI score 7.2 · EPSS 0.00758 · Exploits 1 · References 2
Veracode · added 2020/08/06 4:47 a.m. · 15 views

CSS Injection

chartkick is vulnerable to CSS injection. A remote attacker is able to inject arbitrary CSS without attributes...

CVSS 6.1 · AI score 3.4 · EPSS 0.00758 · Exploits 1 · References 2 · Affected Software 1
OSV · added 2020/08/05 8:15 p.m. · 10 views

CVE-2020-16254

The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets CSS Injection without attribute...

CVSS 6.1 · AI score 6.5 · Exploits 0 · References 2
NVD · added 2020/08/05 8:15 p.m. · 7 views

CVE-2020-16254

The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets CSS Injection without attribute...

CVSS 6.1 · AI score 6.5 · EPSS 0.00758 · Exploits 1 · References 2
CVE · added 2020/08/05 7:52 p.m. · 62 views

CVE-2020-16254

The CVE-2020-16254 entry concerns the Chartkick gem for Ruby, affecting versions up to 3.3.2. The vulnerability is described as CSS Injection (without attribute), with the root cause identified as a CSS injection issue in Chartkick. The provided connected documents consistently reference the same...

CVSS 6.1 · AI score 6.6 · EPSS 0.00758 · Exploits 1 · References 2 · Affected Software 1