PT-2024-37704 · WordPress · Add Admin Css
Name of the Vulnerable Software and Affected Versions: Add Admin CSS plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Full Path Disclosure, which occurs because the plugin uses bootstrap and leaves test files with display errors on. This allows...
Chromium: CVE-2024-7000 Use after free in CSS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Google Chrome Code Execution Vulnerability (CNVD-2024-33605)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that originates from memory reuse after release in CSS. An attacker can exploit this vulnerability to execute arbitrary code on the system...
KLA71043 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1...
Google Chrome < 127.0.6533.72 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 127.0.6533.72. It is, therefore, affected by multiple vulnerabilities as referenced in the 202407stable-channel-update-for-desktop23 advisory. - Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a...
PT-2024-5299 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 127.0.6533.72 Microsoft Edge affected versions not specified Description: The issue is related to a use after free in CSS, which can lead to heap corruption. A remote attacker could potentially exploit this by...
SAP CRM Cross-Site Scripting Vulnerability (CNVD-2024-36347)
SAP CRM is a customer relationship management system from SAP, Germany. SAP CRM suffers from a cross-site scripting vulnerability that stems from custom CSS support options that do not adequately encode user-controlled input, which can be exploited by an attacker to execute arbitrary web script o...
Amazon Linux 2 : firefox (ALASFIREFOX-2024-026)
The version of firefox installed on the remote host is prior to 115.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-026 advisory. RESERVED NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/CVE-2022-2205 CVE-2022-2205 An attack...
Important: firefox
Issue Overview: RESERVED NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/CVE-2022-2205 CVE-2022-2205 An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerabilit...
WordPress Happy SCSS Compiler - Compile SCSS to CSS automatically plugin <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
WordPress Happy SCSS Compiler - Compile SCSS to CSS automatically plugin <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin SCSS Happy Compiler versions <= 1.3.10...
CVE-2024-5810
The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...
CVE-2024-5600
The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the importsettings function in all versions up to, and including, 1.3.10. This makes it possible f...
CVE-2024-5810
The CVE-2024-5810 entry concerns the WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 WordPress plugin. The connected Red Hat entry confirms that all versions up to 1.0.1 are affected due to hard-coded credentials used to authenticate incoming API requests, enabling unauthenticated atta...
CVE-2024-5810 WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials
The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...
CVE-2024-37174
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application...
CVE-2024-37174 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application...
CVE-2024-37174
The CVE-2024-37174 entry concerns SAP CRM WebClient UI, where a Cross-Site Scripting vulnerability arises from insufficient encoding of user-controlled input in the Custom CSS support option. The issue affects the WebClient UI and can impact confidentiality and integrity to a limited degree, with...
SAP CRM Cross-Site Scripting Vulnerability
SAP CRM is a customer relationship management system from SAP, Germany. SAP CRM suffers from a cross-site scripting vulnerability that stems from custom CSS support options that do not adequately encode user-controlled input, which can be exploited by an attacker to execute arbitrary web script o...
Malicious code in css-rule-extractor (npm)
Source: ghsa-malware 53e9ced95ce8313baa1160e05f65af9e6247750f6dbd09fcaf40d1ded1874a86 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...