WordPress CSS & JavaScript Toolbox Plugin <= 11.8 is vulnerable to Cross Site Scripting (XSS)

Software CSS & JavaScript Toolbox Type Plugin Vulnerable versions = 11.8 Fixed in 11.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50823 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 61031c39a340 Credits Ngô Thiên An ancorn from VNPT-V...

css-bierwiese.de Improper Access Control vulnerability OBB-3818234

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

HTML/CSS Injection

HTML/CSS Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically us...

Use After Free

Chromium is vulnerable to Use After Free. The vulnerability is due to improper memory management in CSS component of Google Chrome. This allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Fedora 38 : chromium (2023-3d9f7ca27f)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3d9f7ca27f advisory. update to 120.0.6099.109 - High CVE-2023-6702: Type Confusion in V8 - High CVE-2023-6703: Use after free in Blink - High CVE-2023-6704: Use after fr...

CVE-2023-6707

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-6707

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-6707

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-6707

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-6707

CVE-2023-6707 is a Use-after-free in CSS in Google Chrome (Chromium) prior to 120.0.6099.109. The issue affects the CSS handling path in Chrome/Chromium and can lead to heap corruption via a crafted HTML page. The Chrome stable channel update 120.0.6099.109 (and related Chromium 120.0.6099.109 bu...

CVE-2023-6707

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-6707

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-48631

A Regular Expression Denial of Service ReDoS vulnerability was found in Adobe's css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS...

CVE-2023-48631

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS...

CVE-2023-48631

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS...

Input validation

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS...

CVE-2023-48631 Denial of Service of regular expression in package @adobe/css-tools

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS...

CVE-2023-48631

Technical details for CVE-2023-48631 are not provided in the connected documents. Monitor for updates from the CNA/vendor advisories.

Chromium: CVE-2023-6707 Use after free in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

MAL-2023-8698 Malicious code in css-hell (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware add41af1a627bb97a8a95ccab38f262f0d07cd937276bb7b10b01d01f4a4478d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...