5743 matches found
MAL-2024-7429 Malicious code in css-rule-extractor (npm)
Source: ghsa-malware 53e9ced95ce8313baa1160e05f65af9e6247750f6dbd09fcaf40d1ded1874a86 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-5019
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges...
Malicious code in applied-css (RubyGems)
MAL-2024-6651 Malicious code in applied-css (RubyGems)
Malicious code in actionmailer-inline_css (RubyGems)
Malicious code in incom-css (npm)
MAL-2024-2508 Malicious code in incom-css (npm)
CVE-2024-3249
CVE-2024-3249: The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks on import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings in all versions up to 1.6.2. Authenticated a...
SUSE CVE-2024-38547
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries. The allocation failure of mycs->yuv_scaler_binary in load_video_binaries is followed with a dereference of mycs->yuv_scaler_binary after the following call chain...
CVE-2024-3597 Export WP Page to Static HTML/CSS <= 2.2.2 - Open Redirect
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rcexportedzipfile parameter. This makes it possible for unauthenticated attackers to...
WordPress plugin Export WP Page to Static HTML/CSS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
UBUNTU-CVE-2024-38547
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries. The allocation failure of mycs->yuv_scaler_binary in load_video_binaries is followed with a dereference of mycs->yuv_scaler_binary after the following call chain...
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.2.2 is vulnerable to Open Redirection
Software: Export WP Page to Static HTML/CSS; Type: Plugin; Vulnerable versions: <= 2.2.2; Fixed in: 2.2.3; OWASP Top 10: A1: Injection; Classification: Open Redirection; CVE: CVE-2024-3597; Patch priority: Low; CVSS severity: Low (4.7); PSID: 938d3f0380c6; Credits: Krzysztof Zając; Required...
PT-2024-30637 · WordPress · The Master Slider
Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms layer' shortcode due to insufficient input sanitizati...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.6 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Cross-Site Scripting
typo3/cms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization of user input in the CSS styled content component, which allows authenticated users to inject arbitrary HTML or JavaScript...
GHSA-8J9V-4HHH-X43C Cross-Site Scripting (XSS) in TYPO3 component CSS styled content
Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript...
Cross-Site Scripting (XSS) in TYPO3 component CSS styled content
Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript...
RHEL 5 : libcroco (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libcroco: Infinite loop in the cr_parser_parse_selector_core function (CVE-2017-8871) - The cr_input_new_from_uri...
CVE-2023-6382
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'cssclass' attribute. This mak...