5743 matches found
MAL-2024-11171 Malicious code in readium-css (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e052a1c3b7fcfedb0cee689603d30bf043df8eebeff0146be74a4b0e218d62a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in readium-css (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e052a1c3b7fcfedb0cee689603d30bf043df8eebeff0146be74a4b0e218d62a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-11330
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-11330 Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
Astra Linux – Vulnerability in Chromium
Use after free in CSS in Google Chrome before version 127.0.6533.72 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
PT-2024-16915 · WordPress · Custom Css
Name of the Vulnerable Software and Affected Versions: Custom CSS, JS & PHP plugin for WordPress versions up to, and including, 2.3.0. Description: The issue arises from the use of add_query_arg and remove_query_arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. Thi...
WordPress Custom CSS, JS & PHP plugin <= 2.3.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Custom CSS, JS & PHP (versions <= 2.3.0)...
WordPress Custom CSS, JS & PHP Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Custom CSS, JS & PHP; Type: Plugin; Vulnerable versions: <= 2.3.0; Fixed in: 2.4.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11330; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 56e1a6085112; Credits: vgo0; Require...
WordPress Pure CSS Circle Progress bar plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Pure CSS Circle Progress Bar (versions <= 1.2)...
CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2024-49230
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harry005 Ajax Custom CSS/JS (ajax-awesome-css) allows Reflected XSS. This issue affects Ajax Custom CSS/JS: from n/a through <= 2.0.4...
CVE-2024-49230
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Harpreet Singh Ajax Custom CSS/JS allows Reflected XSS. This issue affects Ajax Custom CSS/JS: from n/a through 2.0.4...
CVE-2024-49230 WordPress Ajax Custom CSS/JS plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harry005 Ajax Custom CSS/JS (ajax-awesome-css) allows Reflected XSS. This issue affects Ajax Custom CSS/JS: from n/a through <= 2.0.4...
PT-2024-33367 · Unknown · Harpreet Singh Ajax Custom Css/Js
Name of the Vulnerable Software and Affected Versions: Harpreet Singh Ajax Custom CSS/JS versions n/a through 2.0.4. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS...
WordPress plugin Ajax Custom CSS/JS cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Malicious code in spectrum-css-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9fd11f8bce16c648d0357bfe32e3f5597413551bc0eb8884eee63ac92eaa9569 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9861 Malicious code in spectrum-css-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9fd11f8bce16c648d0357bfe32e3f5597413551bc0eb8884eee63ac92eaa9569 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in css-tokenizer (npm)
--- -= Per source details. Do not edit below this line.=-...