MAL-2024-9577 Malicious code in css-tokenizer (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-8918

The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, ...

The vulnerability of the SAP NetWeaver AS ABAP software integration platform, related to deficiencies in access control, allows a perpetrator to gain read, modify, or delete access to data.

The vulnerability of the SAP NetWeaver AS ABAP software integration platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain read, modify, or delete access to data by injecting CSS code or loading a specially created malicious page...

WordPress Ajax Custom CSS/JS plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Ajax Custom CSS/JS versions = 2.0.4...

WordPress Stackable plugin <= 3.13.6 - Unauthenticated CSS Injection vulnerability

Unauthenticated CSS Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Stackable versions = 3.13.6...

WordPress Ajax Custom CSS/JS Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Custom CSS/JS Type Plugin Vulnerable versions = 2.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49230 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a0b3b7c24e3c Credits SOPROBRO Required privilege...

CVE-2024-8760

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration...

CVE-2024-8760 Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration...

CVE-2024-8760 Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration...

CVE-2024-8760

CVE-2024-8760 covers Stackable – Page Builder Gutenberg Blocks (WordPress) with unauthenticated CSS Injection in versions

Malicious code in todomvc-app-css-alt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0c6d4197f21cc320b40acc6bd3816dbcb9c46fcfc93e32784f75f260ae8f80e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-9255 Malicious code in todomvc-app-css-alt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0c6d4197f21cc320b40acc6bd3816dbcb9c46fcfc93e32784f75f260ae8f80e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in manoj-app-css-alt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0c88dab3b32782f38a2c1b962d842f1c4c52400df0c5622d73f4989ebc8381f6 The OpenSSF Package Analysis project identified 'manoj-app-css-alt' @ 9.1.1 npm as malicious. It is considered malicious because: - The package...

openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2024:0328-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0328-1 advisory. Update to 1.6.8 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security...

CentOS 7 : firefox (RHSA-2020:4080)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4080 advisory. - In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds...

Book Recording App 2024-09-24 Cross Site Scripting

Exploit Title: Book Recording App - Cross Site Scripting Stored XSS Date: 05/10/2024 Exploit Author: Arif Ari Vendor Homepage: https://www.sourcecodester.com/javascript/17600/book-recording-app-using-htmlcss-vanillajs-source-code.html Software Link:...

CVE-2024-47348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through = 7.6.4...

CVE-2024-47348 WordPress Visual CSS Style Editor plugin <= 7.6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.4...

PT-2024-32563 · Unknown · Yellowpencil Visual Css Style Editor

Name of the Vulnerable Software and Affected Versions: YellowPencil Visual CSS Style Editor versions n/a through 7.6.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. A...

CVE-2024-9146

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in jamesdlow CSS JS Files css-js-files allows Path Traversal.This issue affects CSS JS Files: from n/a through = 1.5.0...