5719 matches found
CVE-2025-46340
Misskey CSS style injection vulnerability (CVE-2025-46340) affects 12.0.0 up to 2025.4.0 due to inadequate validation in UrlPreviewService and MkUrlPreview, enabling arbitrary CSS in MkUrlPreview and potential de-anonymization/related client attacks. UrlPreviewService.wrap avoids non-http/https U...
CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...
PT-2025-19769 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.0.0 through 2025.4.0
Description: The issue arises from an oversight in validation performed in UrlPreviewService and MkUrlPreview, allowing an attacker to inject arbitrary CSS into the MkUrlPreview component. This can lea...
DEBIAN-CVE-2022-49786
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcg_css_online. blkcg_css_online is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...
CVE-2022-49786 blk-cgroup: properly pin the parent in blkcg_css_online
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcg_css_online. blkcg_css_online is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...
CVE-2025-27295
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpion Live css css-live allows Stored XSS. This issue affects Live css: from n/a through <= 1.3...
CVE-2025-39601
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through <= 2.4.1...
CVE-2025-39428
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS. This issue affects Gravity Forms CSS...
CVE-2025-27295 WordPress Live css plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpion Live css css-live allows Stored XSS. This issue affects Live css: from n/a through <= 1.3...
CVE-2025-27295
CVE-2025-27295 corresponds to a Cross-Site Scripting (stored XSS) flaw in the WordPress plugin Live css (wpion Live css). Affected: Live css versions up to 1.3. Root cause: improper input neutralization during web page generation. Impact: stored XSS risk for page visitors; CVSS v3.1 base score 7....
CVE-2025-39428 WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS. This issue affects Gravity Forms CSS...
WordPress plugin Live css cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Gravity Forms CSS Themes with Fontawesome and Placeholders cross-site scripting vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...
PT-2025-17060 · Unknown · Wpion Live Css
Name of the Vulnerable Software and Affected Versions: wpion Live css versions 1.3 and earlier
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...
CVE-2025-22373
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alteration of CSS Styles. This issue affects BASEC: from 14 Dec 2021...
WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability
CSRF to RCE vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Custom CSS, JS & PHP versions <= 2.4.1...