5719 matches found

OSV
added 2025/06/06 2:4 p.m., 8 views

OESA-2025-1597 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration. Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for...

CVSS 7.8 | AI score 6.7 | EPSS 0.00032
Exploits: 0 | References: 3

OSV
added 2025/06/06 2:3 p.m., 8 views

OESA-2025-1593 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration. Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for...

CVSS 7.8 | AI score 6.7 | EPSS 0.00032
Exploits: 0 | References: 3

CVE
added 2025/06/06 6:42 a.m., 56 views

CVE-2025-5699

CVE-2025-5699 involves the Developer Formatter WordPress plugin. A stored cross-site scripting (XSS) flaw exists in Custom CSS handling across all versions up to 2015.0.2.1, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admin-level access and c...

CVSS 5.5 | AI score 5.1 | EPSS 0.00291
Exploits: 0 | References: 4

RedhatCVE
added 2025/06/01 7:33 p.m., 5 views

CVE-2025-48883

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...

CVSS 5.3 | AI score 6 | EPSS 0.00331
Exploits: 0 | References: 1

NVD
added 2025/05/30 7:15 p.m., 6 views

CVE-2025-48883

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...

CVSS 5.3 | EPSS 0.00331
Exploits: 0 | References: 3

Cvelist
added 2025/05/30 6:47 p.m., 19 views

CVE-2025-48883 Chrome PHP is missing encoding in `CssSelector`

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...

CVSS 5.3 | EPSS 0.00331
Exploits: 0 | References: 3

CNNVD
added 2025/05/30 12:0 a.m., 1 views

Chrome PHP Cross-Site Scripting Vulnerability

Chrome PHP is an open-source PHP library for running headless chrome instances. A cross-site scripting vulnerability exists in Chrome PHP versions prior to 1.14.0; it stems from a CSS selector expression that is not properly encoded, which could lead to a cross-site scripting attack...

CVSS 5.3 | AI score 5.8 | EPSS 0.00331
Exploits: 0 | References: 5

Veracode
added 2025/05/29 12:52 p.m., 5 views

Cross-site Scripting (XSS)

chrome-php/chrome is vulnerable to cross-site scripting (XSS). The vulnerability is caused by improper encoding: CSS Selector expressions are not properly escaped, allowing injection of malicious scripts...

AI score 6.7
Exploits: 0

SUSE Linux
added 2025/05/29 12:38 p.m., 0 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282). CVE-2025-31204: improper memory handling when processing certain web content m...

CVSS 8.8 | AI score 8.2 | EPSS 0.01121
Exploits: 0 | References: 36

OSV
added 2025/05/29 12:37 p.m., 1 views

SUSE-SU-2025:01746-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: - CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282). - CVE-2025-31204: improper memory handling when processing certain web conte...

CVSS 8.8 | AI score 6.9 | EPSS 0.01121
Exploits: 0 | References: 19

Snyk
added 2025/05/28 4:6 p.m., 2 views

Cross-site Scripting (XSS)

Overview: chrome-php/chrome is a package to instrument headless chrome/chromium instances from PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper encoding in CssSelector. An attacker can inject malicious scripts by crafting malicious CSS Selector expressions...

CVSS 6.1 | AI score 5.3 | EPSS 0.00331
Exploits: 0 | References: 2

Github Security Blog
added 2025/05/28 4:6 p.m., 12 views

Chrome PHP is missing encoding in `CssSelector`

Impact: CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. Patches: This is patched in v1.14.0. Workarounds: Users can apply encoding manually to their selectors, if they are unable to upgrade...

CVSS 5.3 | AI score 6.1 | EPSS 0.00331
Exploits: 0 | References: 5 | Affected Software: 1

SUSE Linux
added 2025/05/28 11:10 a.m., 1 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282). CVE-2025-31204: improper memory handling when processing certain web content m...

CVSS 8.8 | AI score 8.1 | EPSS 0.01121
Exploits: 0 | References: 32

Positive Technologies
added 2025/05/28 12:0 a.m., 2 views

PT-2025-23223 · Unknown · Chrome Php

Name of the Vulnerable Software and Affected Versions: Chrome PHP versions prior to 1.14.0. Description: The issue arises from CSS Selector expressions not being properly encoded, leading to potential cross-site scripting (XSS) vulnerabilities. There is no information provided about the estimated...

CVSS 5.3 | AI score 5.5 | EPSS 0.00331
Exploits: 0 | References: 9

OSV
added 2025/05/27 1:54 p.m., 1 views

SUSE-SU-2025:01720-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: - CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282). - CVE-2025-31204: improper memory handling when processing certain web conte...

CVSS 8.8 | AI score 7.1 | EPSS 0.01121
Exploits: 0 | References: 17

RedhatCVE
added 2025/05/23 10:47 a.m., 4 views

CVE-2024-49230

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harry005 Ajax Custom CSS/JS ajax-awesome-css allows Reflected XSS. This issue affects Ajax Custom CSS/JS: from n/a through <= 2.0.4...

CVSS 6.5 | AI score 5.9 | EPSS 0.00355
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:39 a.m., 3 views

CVE-2024-9146

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in jamesdlow CSS JS Files css-js-files allows Path Traversal. This issue affects CSS JS Files: from n/a through <= 1.5.0...

CVSS 4.9 | AI score 5.9 | EPSS 0.00724
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:35 a.m., 6 views

CVE-2024-8432

The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveappearance function in all versions up to, and including, 5.0.48. This makes it possible for authenticated attackers...

CVSS 4.3 | AI score 6.4 | EPSS 0.00228
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:49 a.m., 5 views

CVE-2024-7410

The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. This is due to the plugin not preventing direct access to the /my-custom-css/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php file and the file...

CVSS 5.3 | AI score 5.2 | EPSS 0.00263
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:13 a.m., 1 views

CVE-2024-4375

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mslayer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'cssid' user supplied attribute. This...

CVSS 6.4 | AI score 6 | EPSS 0.00255
Exploits: 0 | References: 1