Lucene search

5750 matches found

UbuntuCve
added 2023/09/29 10:15 p.m. | 81 views

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00822
Exploits 0 | References 5

Prion
added 2023/09/29 10:15 p.m. | 21 views

Code injection

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

CVSS 5 | AI score 5.4 | EPSS 0.00822
Exploits 0 | References 4 | Affected Software 1

OSV
added 2023/09/29 10:15 p.m. | 5 views

UBUNTU-CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

CVSS 5.3 | AI score 6.7 | EPSS 0.00822
Exploits 0 | References 6

Vulnrichment
added 2023/09/29 12:0 a.m. | 20 views

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

AI score 6.5 | EPSS 0.00822
Exploits 0 | References 4

CVE
added 2023/09/29 12:0 a.m. | 347 views

CVE-2023-44270

CVE-2023-44270 : PostCSS before 8.4.31 has a vulnerability where CSS that is parsed from external untrusted CSS can cause parts of the CSS to be treated as comments and then end up in the PostCSS output as valid CSS nodes (rules/properties). This can occur when linters rely on PostCSS for parsing...

CVSS 5.3 | AI score 4.9 | EPSS 0.00822
Exploits 0 | References 5 | Affected Software 1

Positive Technologies
added 2023/09/29 12:0 a.m. | 4 views

PT-2023-7567

Name of the Vulnerable Software and Affected Versions: PostCSS versions prior to 8.4.31. Description: The issue affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by...

CVSS 9.1 | AI score 6.9 | EPSS 0.01471
Exploits 3 | References 51

Cvelist
added 2023/09/29 12:0 a.m. | 35 views

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

AI score 5.3 | EPSS 0.00822
Exploits 0 | References 4

Patchstack
added 2023/09/29 12:0 a.m. | 12 views

WordPress Instant CSS Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Instant CSS; Type: Plugin; Vulnerable versions: = 1.2.1; Fixed in: 1.2.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44243; Patch priority: Low; CVSS severity: Low (4.3); PSID: a017a7cc7d6c; Credits: Nguyen Xuan Chien...

CVSS 8.8 | AI score 6.6 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2023/09/29 12:0 a.m. | 46 views

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

CVSS 5.3 | AI score 6.2 | EPSS 0.00822
Exploits 0

Fedora
added 2023/09/24 3:12 a.m. | 15 views

[SECURITY] Fedora 37 Update: roundcubemail-1.6.3-1.fc37

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

AI score 7
Exploits 0

Fedora
added 2023/09/24 3:9 a.m. | 13 views

[SECURITY] Fedora 38 Update: roundcubemail-1.6.3-1.fc38

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

AI score 7
Exploits 0

Huntr
added 2023/09/14 11:39 a.m. | 18 views

Stored XSS at LOGO+USER menu

Description Please enter a description of the vulnerability. Proof of Concept login with admin account visit https://demo.instantcms.io/admin/widgets?templatename=modern&scrollto=row-14 navigate to logo+user menu tab insert payload 1" onmouseover = "alert'hackedbytisha' at Parent row Tag CSS clas...

AI score 6.5
Exploits 0 | References 1

Huntr
added 2023/09/13 8:25 a.m. | 14 views

Store XSS in Widgets and pages in instantsoft/icms2

Description I noticed that you filtered the filter very carefully. But there are still some parts you missed Proof of Concept 1 . Login with admin 2 . Go to "http://localhost/o2/admin/menu/itemedit/18" 3 . Insert payload in CSS class 4 . Click save , and go to home page, and Detect store xss in...

AI score 6.8
Exploits 0

Kaspersky
added 2023/09/12 12:0 a.m. | 33 views

KLA60564 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface. Below is a complete list of vulnerabilities: 1. A cross-site-scripting XSS vulnerability Microsoft Dynamics 365 on-premises can be exploited remotely to spoof user...

CVSS 7.6 | AI score 6.2 | EPSS 0.00875
Exploits 0 | References 7

Mageia
added 2023/09/11 1:7 p.m. | 48 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 116.0.5845.140 release, fixing 5 vulnerabilities. High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim@cassidy6564 on 2023-08-02 High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03 High...

CVSS 8.8 | AI score 7.4 | EPSS 0.3398
Exploits 0 | References 3

Tenable Nessus
added 2023/09/07 12:0 a.m. | 23 views

Oracle Linux 6 : firefox (ELSA-2020-0086)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0086 advisory. - Added fix for mozbz1348168/CVE-2017-5428 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 9.8 | AI score 8.2 | EPSS 0.46589
Exploits 9 | References 6

Tenable Nessus
added 2023/09/07 12:0 a.m. | 26 views

Oracle Linux 6 : thunderbird (ELSA-2020-0123)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0123 advisory. 68.4.1-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 68.4.1-2 - Update to 68.4.1 build1 Tenable has...

CVSS 8.8 | AI score 8.2 | EPSS 0.46589
Exploits 8 | References 6

NVD
added 2023/09/06 9:15 p.m. | 19 views

CVE-2023-39956

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...

CVSS 6.6 | AI score 6.7 | EPSS 0.00563
Exploits 0 | References 1

Vulnrichment
added 2023/09/06 8:16 p.m. | 15 views

CVE-2023-23623 Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...

CVSS 7.5 | AI score 9.5 | EPSS 0.00656
Exploits 0 | References 1

Cvelist
added 2023/09/06 8:16 p.m. | 39 views

CVE-2023-23623 Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...

CVSS 7.5 | AI score 9.8 | EPSS 0.00656
Exploits 0 | References 1