Lucene search

432 matches found

Cvelist
added 2020/08/05 7:52 p.m. | 9 views

CVE-2020-16254

The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) injection without attribute...

AI score 6.8 | EPSS 0.00758
Exploits: 1 | References: 2
RubySec
added 2020/08/04 12:00 a.m. | 21 views

CSS injection with width and height options

Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. An attacker can set additional CSS properties, like:...

CVSS 6.1 | AI score 1.3 | EPSS 0.00758
Exploits: 1 | References: 1 | Affected Software: 1
IBM Security Bulletins
added 2020/07/11 1:19 p.m. | 26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ (CVE-2019-17495)

Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the...

CVSS 9.8 | AI score 0.9 | EPSS 0.0558
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2020/07/10 2:19 p.m. | 28 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan (CVE-2019-17495)

Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By usi...

CVSS 9.8 | AI score 0.9 | EPSS 0.0558
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2020/06/12 8:19 p.m. | 20 views

Security Bulletin: Vulnerability in Swagger affects IBM Spectrum Protect Plus (CVE-2019-17495)

Summary A security vulnerability in Swagger which could allow a remote attacker to obtain sensitive information affects IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS...

CVSS 9.8 | AI score 1.4 | EPSS 0.0558
Exploits: 1 | Affected Software: 1
Hacker One
added 2020/06/10 11:42 p.m. | 150 views

h1-ctf: [h1-2006 CTF] Multiple vulnerabilities leading to account takeover and two-factor authentication bypass allows to send pending bounty payments

Hi, First things first, the flag of the CTF challenge. F863095 Write-Up I've published my write-up at https://kapytein.nl/texts/2020-06-10-h1-2006-ctf-writeup-2cf34abd3ed/, in order to avoid a lengthy report 😅. TL;DR 1 2FA bypass as we control both values on the comparison. 2 SSRF to...

AI score 2.2
Exploits: 0
Hacker One
added 2020/06/03 2:52 p.m. | 100 views

h1-ctf: [H1-2006 2020] Multiple vulnerabilities lead to CEO account takeover and paid bounties

Summary: 1. A publicly accessible logfile discloses a user's credentials 2. Weak 2FA implementation allows user account takeover 3. Path injection in user's cookie allows SSRF, bypassing the IP restriction to list available builds on https://software.bountypay.h1ctf.com/ 4. API token leak in...

AI score 7.6
Exploits: 0
IBM Security Bulletins
added 2020/05/21 3:16 p.m. | 28 views

Security Bulletin: Vulnerabilities in Swagger affects WebSphere Application Server Liberty

Summary There are vulnerabilities in Swagger that affect WebSphere Application Server Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information,...

CVSS 9.8 | AI score 1 | EPSS 0.0558
Exploits: 1 | Affected Software: 1
CNVD
added 2020/03/20 12:00 a.m. | 2 views

phpBB Injection Vulnerability

phpBB is an open source, PHP-based web forum software package. The software supports multiple languages, multiple databases, customized layouts and so on. phpBB version 3.2.7 has an injection vulnerability that stems from the program failing to validate the BBCode paramete...

CVSS 7.5 | AI score 7.5 | EPSS 0.01077
Exploits: 0 | References: 1
IBM Security Bulletins
added 2020/03/19 7:26 p.m. | 25 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-17495)

Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. CVE-2019-17495 Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path overwrit...

CVSS 9.8 | AI score 1.2 | EPSS 0.0558
Exploits: 1 | Affected Software: 1
Prion
added 2020/02/28 9:15 p.m. | 16 views

Cross site scripting

Multiple stored cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users with minimal permissions to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mecsavenotifications and...

CVSS 3.5 | AI score 5.4 | EPSS 0.01024
Exploits: 1 | References: 2 | Affected Software: 1
ThreatPost
added 2020/02/06 12:00 p.m. | 62 views

Dropbox Passes $1M Milestone for Bug-Bounty Payouts

Dropbox, the cloud-based file-sharing service, has reported that it has paid out more than $1 million to bug-bounty hunters since starting its program in 2014. The milestone comes after the service tripled its bounties in 2017, and after running two live hacking events with the HackerOne platform...

AI score 6.3
Exploits: 0 | References: 4
Hacker One
added 2020/01/27 8:45 a.m. | 16 views

Clario: CSS Injection on static.mackeeper.com - Potential XSS

Summary CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to cross-site scripting (XSS) vulnerabilities but often trickier to exploit. Steps to reproduce the...

AI score 0.4
Exploits: 0
RedHat Linux
added 2020/01/16 12:02 p.m. | 3 views

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

CVSS 6.1 | AI score 7.3 | EPSS 0.01988
Exploits: 0 | References: 5
RedHat Linux
added 2020/01/14 6:46 p.m. | 6 views

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

CVSS 6.1 | AI score 7.3 | EPSS 0.01988
Exploits: 0 | References: 5
Tenable Nessus
added 2020/01/10 12:00 a.m. | 35 views

Mozilla Thunderbird < 68.4.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-04 advisory. - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type...

CVSS 8.8 | AI score 8.1 | EPSS 0.46589
Exploits: 9 | References: 8
UbuntuCve
added 2020/01/08 10:15 p.m. | 42 views

CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

CVSS 6.1 | AI score 6.9 | EPSS 0.01988
Exploits: 0 | References: 10
IBM Security Bulletins
added 2019/12/30 4:34 p.m. | 37 views

Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Swagger UI (CVE-2019-17495)

Summary A Security Vulnerability affects IBM Cloud Private - Swagger UI Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based...

CVSS 9.8 | AI score 0.7 | EPSS 0.0558
Exploits: 1 | Affected Software: 1
OSV
added 2019/11/25 3:15 p.m. | 2 views

DEBIAN-CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

CVSS 6.1 | AI score 6.3 | EPSS 0.00829
Exploits: 0 | References: 1
OSV
added 2019/11/25 3:15 p.m. | 8 views

CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL...

CVSS 6.1 | AI score 8
Exploits: 0 | References: 3