PT-2026-1290
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions prior to 10.0.18; Zimbra Collaboration ZCS versions prior to 10.1.13. Description: The software contains a stored cross-site scripting (XSS) issue within the Classic UI. This occurs due to Cascading Style Sheets CS...
CVE-2025-66376
Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message...
Zimbra Collaboration Cross-Site Scripting Vulnerability
Zimbra Collaboration is an open source enterprise email and collaboration platform from Zimbra that supports email, calendaring, document management, and team collaboration features. A cross-site scripting vulnerability exists in Zimbra Collaboration versions prior to 10.0.18 and prior to 10.1.13...
CVE-2025-66376
Zimbra Collaboration (ZCS) is affected in versions prior to 10.0.18 and prior to 10.1.13. The issue is a stored XSS in the Classic UI triggered by CSS @import directives in HTML emails, caused by improper handling of CSS imports. Impact is stored cross-site scripting within email rendering. Remed...
[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.5.2-13.fc42
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.5.2-13.fc43
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
PT-2026-27390
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 149; Firefox ESR versions prior to 115.34; Firefox ESR versions prior to 140.9; Thunderbird versions prior to 149; Thunderbird versions prior to 140.9. Description: A use-after-free issue exists in the CSS Parsing and...
PT-2026-26513
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.153. Description: A heap buffer overflow exists in the CSS processing component of Google Chrome. This issue could allow a remote attacker to potentially exploit heap corruption through a specially...
CVE-2025-68878
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS. This issue affects Advanced Custom CSS: from n/a through <= 1.1.0...
EUVD-2025-205612
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasadkirpekar Advanced Custom CSS allows Reflected XSS. This issue affects Advanced Custom CSS: from n/a through 1.1.0...
CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS. This issue affects Advanced Custom CSS: from n/a through <= 1.1.0...
CVE-2025-68878
CVE-2025-68878 is a reflected XSS vulnerability in the Advanced Custom CSS WordPress plugin, caused by Improper Neutralization of Input During Web Page Generation. It affects Advanced Custom CSS versions up to 1.1.0 (no details on fixed version provided in the documents). The CVSS 3.1 metrics ind...
PT-2025-53749
Name of the Vulnerable Software and Affected Versions: Prasadkirpekar Advanced Custom CSS versions through 1.1.0. Description: The software contains a flaw related to improper input handling during web page creation, which allows for Reflected Cross-Site Scripting (XSS). This means an attacker could...
WordPress plugin Advanced Custom CSS Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Advanced Custom CSS versions <= 1.1.0...
[SECURITY] Fedora 42 Update: roundcubemail-1.6.12-1.fc42
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
Impact: Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some DOM modifications for the link button next to the field, e.g. the link address can be overridden. CSS can be manipulated to give the button an arbitrary look and change its size so that any...
EUVD-2025-204591
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature...
CVE-2023-53901
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests...