CVE-2025-31395 WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...

CVE-2025-31395 WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...

CVE-2025-31395

CVE-2025-31395: Cross-Site Request Forgery leading to Stored XSS in Easy Custom CSS (WordPress). Affected: Easy custom css by webriti (

WordPress plugin Easy Custom CSS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-15749 · Unknown · Easy Custom Css

Name of the Vulnerable Software and Affected Versions: Easy Custom CSS versions 1.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

GHSA-7524-3396-FQV3 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...

tarteaucitron.js allows UI manipulation via unrestricted CSS injection

A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...

CVE-2025-31138

CVE-2025-31138 affects tarteaucitron.js before 1.20.1, where unvalidated user-controlled inputs for element dimensions (width/height) could be used to cover the viewport and enable clickjacking. The vulnerability arises from improper validation of CSS values, potentially allowing overlays of mali...

CVE-2025-31138 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

CVE-2025-31138 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

BIT-JOOMLA-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

Exploit for CVE-2025-31864

CVE-2025-31864 1️⃣ Component type WordPress plugin 2️...

CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

GHSA-PR6Q-G5GV-QGR7 GeSHi XSS possible in the get_var function of /contrib/cssgen.php

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

GeSHi XSS possible in the get_var function of /contrib/cssgen.php

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

UBUNTU-CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123 GeSHi CSS cssgen.php get_var cross site scripting

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123

GeSHi up to 1.0.9.1 is affected by a cross-site scripting vulnerability in get_var() of /contrib/cssgen.php (CSS Handler). The issue arises from manipulating arguments under default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments. Exploitation is remote-capable, and public disclosure ...

PT-2025-10451 · Geshi +1 · Geshi +1

Name of the Vulnerable Software and Affected Versions: GeSHi versions up to 1.0.9.1 Description: A problematic issue has been found in GeSHi, affecting the get var function of the /contrib/cssgen.php file in the CSS Handler component. The manipulation of the...