5743 matches found

RedhatCVE
added 2025/05/22 6:23 p.m., 7 views

CVE-2021-23996

By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox 88...

CVSS 6.5, AI score 6.3, EPSS 0.00719
Exploits 0, References 1

RedhatCVE
added 2025/05/22 6:23 p.m., 7 views

CVE-2021-24638

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website...

CVSS 9.1, AI score 7, EPSS 0.01762
Exploits 2, References 1

RedhatCVE
added 2025/05/22 5:52 p.m., 6 views

CVE-2020-16254

The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection without attribute...

CVSS 6.1, AI score 7.2, EPSS 0.00758
Exploits 1

RedhatCVE
added 2025/05/22 4:25 p.m., 6 views

CVE-2020-4070

In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9...

CVSS 5.4, AI score 6.1, EPSS 0.0055
Exploits 0

RedhatCVE
added 2025/05/22 11:10 a.m., 5 views

CVE-2013-0206

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...

CVSS 6, AI score 7.8, EPSS 0.01857
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:9 a.m., 9 views

CVE-2019-19133

The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a cssheroaction=editpage request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in th...

CVSS 6.1, AI score 6.3, EPSS 0.01882
Exploits 2, References 1

RedhatCVE
added 2025/05/22 8:35 a.m., 9 views

CVE-2019-14784

The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition...

CVSS 6.1, AI score 6.2, EPSS 0.0094
Exploits 1, References 1

RedhatCVE
added 2025/05/22 5:54 a.m., 10 views

CVE-2011-2670

Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets...

CVSS 6.1, AI score 5.7, EPSS 0.00697
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:40 a.m., 8 views

CVE-2010-0652

Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document...

CVSS 4.3, AI score 6.3, EPSS 0.04949
Exploits 1, References 1

RedhatCVE
added 2025/05/22 4:18 a.m., 6 views

CVE-2019-5984

Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVSS 8.8, AI score 7.4, EPSS 0.01008
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:11 a.m., 10 views

CVE-2011-3443

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules...

CVSS 7.5, AI score 8.1, EPSS 0.02027
Exploits 0, References 1

RedhatCVE
added 2025/05/22 3:33 a.m., 8 views

CVE-2018-21033

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes...

CVSS 6.5, AI score 7, EPSS 0.0084
Exploits 0, References 1

RedhatCVE
added 2025/05/21 9:10 p.m., 5 views

CVE-2006-4888

Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT...

CVSS 5, AI score 6.8, EPSS 0.16595
Exploits 0, References 1

RedhatCVE
added 2025/05/21 8:46 p.m., 10 views

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...

CVSS 5, AI score 6.8, EPSS 0.19476
Exploits 1, References 1

RedhatCVE
added 2025/05/21 6:27 p.m., 8 views

CVE-2009-1616

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505...

CVSS 4.3, AI score 5.8, EPSS 0.01497
Exploits 1, References 1

AstraLinux
added 2025/05/19 2:38 p.m., 4 views

Astra Linux - vulnerability in firefox

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox 70...

CVSS 10, AI score 8.8, EPSS 0.00664
Exploits 0, References 2

Tenable Nessus
added 2025/05/19 12:0 a.m., 7 views

Fedora 41 : webkitgtk (2025-c40948de3a)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c40948de3a advisory. Enable CSS Overscroll Behavior by default. Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thre...

CVSS 8.8, AI score 7.1, EPSS 0.01028
Exploits 0, References 7

RedHat Linux
added 2025/05/13 8:28 a.m., 6 views

kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()

A use-after-free (UAF) flaw was found in the proc_cpuset_show() function. This issue can allow an attacker to access the css of the root caused by a race condition when the cgroup_root should be freed when it is unmounted from the resource...

CVSS 5.5, AI score 6.8, EPSS 0.00223
Exploits 0, References 5

OpenVAS
added 2025/05/08 12:0 a.m., 10 views

Ubuntu: Security Advisory (USN-7502-1)

The remote host is missing an update for the...

CVSS 9.8, AI score 7.1, EPSS 0.55084
Exploits 4, References 2

RedhatCVE
added 2025/05/07 7:14 p.m., 13 views

CVE-2025-46340

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...

CVSS 7.2, AI score 7.1, EPSS 0.00214
Exploits 0, References 1