tarteaucitron.js allows UI manipulation via unrestricted CSS injection

A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...

GHSA-7524-3396-FQV3 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...

CVE-2025-31138 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

CVE-2025-31138 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

CVE-2025-31138

CVE-2025-31138 affects tarteaucitron.js before 1.20.1, where unvalidated user-controlled inputs for element dimensions (width/height) could be used to cover the viewport and enable clickjacking. The vulnerability arises from improper validation of CSS values, potentially allowing overlays of mali...

BIT-JOOMLA-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

Exploit for CVE-2025-31864

CVE-2025-31864 1️⃣ Component type WordPress plugin 2️...

CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

GeSHi XSS possible in the get_var function of /contrib/cssgen.php

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

GHSA-PR6Q-G5GV-QGR7 GeSHi XSS possible in the get_var function of /contrib/cssgen.php

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

UBUNTU-CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123

GeSHi up to 1.0.9.1 is affected by a cross-site scripting vulnerability in get_var() of /contrib/cssgen.php (CSS Handler). The issue arises from manipulating arguments under default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments. Exploitation is remote-capable, and public disclosure ...

CVE-2025-2123 GeSHi CSS cssgen.php get_var cross site scripting

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

PT-2025-10451 · Geshi +1 · Geshi +1

Name of the Vulnerable Software and Affected Versions: GeSHi versions up to 1.0.9.1 Description: A problematic issue has been found in GeSHi, affecting the get var function of the /contrib/cssgen.php file in the CSS Handler component. The manipulation of the...

Linux Distros Unpatched Vulnerability : CVE-2023-24539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can...

Linux Distros Unpatched Vulnerability : CVE-2023-26364

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while...

Linux Distros Unpatched Vulnerability : CVE-2023-44270

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS i...

Linux Distros Unpatched Vulnerability : CVE-2022-31108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. A...

Cross-site Scripting (XSS)

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Skin Images / CSS config field when it contains an end script tag. An attacker can manipulate the web page...