5719 matches found
UBUNTU-CVE-2013-6388
Cross-site scripting XSS vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS...
CVE-2013-6388
Cross-site scripting XSS vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS...
CVE-2013-6388
Cross-site scripting XSS vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS...
CVE-2013-6388
Removed by vendor...
Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)
Updated mediawiki packages fix security vulnerabilities : Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...
Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)
Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...
CVE-2013-4567
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via a \b backspace character in CSS...
CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...
CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...
DEBIAN-CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...
CVE-2013-4567
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via a \b backspace character in CSS...
Cross site scripting
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via a \b backspace character in CSS...
Cross site scripting
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...
UBUNTU-CVE-2013-4567
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via a \b backspace character in CSS...
CVE-2013-4567
CVE-2013-4567 describes an incomplete blacklist in MediaWiki’s CSS sanitizer (Sanitizer::checkCss), enabling remote XSS via a backspace character in CSS. Affected are MediaWiki releases prior to fixed updates: 1.19.9, 1.20.x prior to 1.20.8, and 1.21.x prior to 1.21.3. The issue arises from insuf...
CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...
CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...
CVE-2013-4567
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via a \b backspace character in CSS...
[SECURITY] Fedora 18 Update: php-symfony2-CssSelector-2.2.10-1.fc18
The CssSelector Component converts CSS selectors to XPath expressions...
Information disclosure
Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different 1 domain or 2 zone via crafted characters in Cascading Style Sheets CSS token sequences, aka "Internet Explorer Information Disclosure Vulnerability."...