CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

CSS Injection vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Easy Media Download versions = 1.1.11...

CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through = 1.1.11...

CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through = 1.1.11...

CVE-2025-69169

CVE-2025-69169 pertains to the WordPress plugin Easy Media Download (easy-media-download). It describes an authenticated (Contributor+) stored cross-site scripting (XSS) flaw affecting version 1.1.11 or earlier, where user-supplied input (likely via shortcode/HTML elements) can be stored and late...

CVE-2026-0669

A flaw was found in the MediaWiki CSS extension. This vulnerability, categorized as a Path Traversal, allows a remote attacker to access restricted directories. By manipulating file paths, an attacker can read arbitrary files on the server, potentially leading to the disclosure of sensitive...

CVE-2026-0669

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

CVE-2026-0669

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

CVE-2026-0669 Path Traversal vulnerability in CSS extension on certain web servers

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

CVE-2026-0669

CVE-2026-0669 affects the MediaWiki CSS extension versions 1.39–1.44. The vulnerability is an improper limitation of a pathname to a restricted directory (path traversal) that could allow a remote attacker to read arbitrary server files, potentially leading to sensitive disclosures. Exploitation ...

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...

MediaWiki - CSS extension 安全漏洞

MediaWiki - CSS extension is an open source CSS extension plugin for MediaWiki. A security vulnerability exists in MediaWiki - CSS extension versions 1.44, 1.43, and 1.39, which stems from an improperly restricted pathname and can lead to path traversal...

PT-2026-1965

Name of the Vulnerable Software and Affected Versions MediaWiki - CSS extension versions 1.39 through 1.44 Description An issue exists in the MediaWiki - CSS extension related to improper limitation of a pathname to a restricted directory, allowing for path traversal. This can potentially allow...

WordPress Multi-column Tag Map plugin <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'mctmcssconditional' Parameter vulnerability discovered by Bhayanak Atma in WordPress Plugin Multi-column Tag Map versions = 17.0.39...

Malicious code in oj-sp-css-additions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76f44dd1651a643e28e082a676732a19e8a8a8fcf5b2f88264aa47c7f5e31dce The package oj-sp-css-additions was found to contain malicious code. Source: ghsa-malware...

MAL-2026-64 Malicious code in oj-sp-css-additions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76f44dd1651a643e28e082a676732a19e8a8a8fcf5b2f88264aa47c7f5e31dce The package oj-sp-css-additions was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-1135

Malicious code in oj-sp-css-additions npm...

CVE-2025-66376

Zimbra Collaboration ZCS 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets CSS @import directives in an HTML e-mail message...

CVE-2025-66376

Zimbra Collaboration ZCS 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets CSS @import directives in an HTML e-mail message...

CVE-2025-66376

Zimbra Collaboration ZCS 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets CSS @import directives in an HTML e-mail message...