5751 matches found

Debian CVE
added 2023/05/11 3:29 p.m. · 54 views

CVE-2023-24539

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

CVSS 7.3 · AI score 6.7 · EPSS 0.01037
Exploits 0
CVE
added 2023/05/11 3:29 p.m. · 579 views

CVE-2023-24539

CVE-2023-24539 affects golang html/template across multiple advisories (Astra Linux, CBLMariner, AlmaLinux) and is linked to improper sanitization of CSS values in HTML templates. The issue can allow injection of unexpected HTML when templates process untrusted input due to how CSS values are han...

CVSS 7.3 · AI score 8.6 · EPSS 0.01037
Exploits 0 · References 5 · Affected Software 1
Vulnrichment
added 2023/05/11 3:29 p.m. · 10 views

CVE-2023-24539 Improper sanitization of CSS values in html/template

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

AI score 7.4 · EPSS 0.01037
Exploits 0 · References 4
AlpineLinux
added 2023/05/11 3:29 p.m. · 68 views

CVE-2023-24539

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

CVSS 7.3 · AI score 9 · EPSS 0.01037
Exploits 0
OpenVAS
added 2023/05/11 12:0 a.m. · 24 views

Ubuntu: Security Advisory (USN-6065-1)

The remote host is missing an update for the...

CVSS 7.5 · AI score 7.7 · EPSS 0.02267
Exploits 1 · References 2
OSV
added 2023/05/10 11:13 a.m. · 2 views

USN-6065-1 node-css-what vulnerabilities

It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2021-33587, CVE-2022-21222...

CVSS 7.5 · AI score 7.2 · EPSS 0.02267
Exploits 1 · References 3
Ubuntu
added 2023/05/10 11:13 a.m. · 56 views

USN-6065-1: css-what vulnerabilities

It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2021-33587, CVE-2022-21222...

CVSS 7.5 · AI score 7.4 · EPSS 0.02267
Exploits 1
NVD
added 2023/05/10 10:15 a.m. · 13 views

CVE-2022-33961

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions...

CVSS 4.8 · AI score 4.4 · EPSS 0.00352
Exploits 0 · References 1
Prion
added 2023/05/10 10:15 a.m. · 28 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions...

CVSS 4.3 · AI score 4.8 · EPSS 0.00352
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/05/10 9:12 a.m. · 16 views

CVE-2022-33961 WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.5.8 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions...

CVSS 4 · AI score 5.1 · EPSS 0.00352
Exploits 0 · References 1
CVE
added 2023/05/10 9:12 a.m. · 57 views

CVE-2022-33961

CVE-2022-33961 is an admin+ authenticated Stored XSS in the WordPress YellowPencil Visual CSS Style Editor plugin (

CVSS 4.8 · AI score 4.6 · EPSS 0.00352
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/05/10 12:0 a.m. · 28 views

WordPress plugin Visual CSS Style Editor cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 4.8 · AI score 6.3 · EPSS 0.00352
Exploits 0 · References 2
RedHat Linux
added 2023/05/09 10:4 a.m. · 2 views

kernel: cgroup: Use separate src/dst nodes when preloading css_sets for migration

In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration. Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for a migration, we need to hold the source and destination csets to...

CVSS 7.8 · AI score 6 · EPSS 0.00274
Exploits 0 · References 5
OSV
added 2023/05/09 2:15 a.m. · 2 views

CVE-2023-30743

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...

CVSS 6.1 · AI score 6.4 · EPSS 0.00438
Exploits 0 · References 2
NVD
added 2023/05/09 2:15 a.m. · 19 views

CVE-2023-30743

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...

CVSS 7.1 · AI score 6.9 · EPSS 0.00438
Exploits 0 · References 2
Prion
added 2023/05/09 2:15 a.m. · 15 views

Design/Logic Flaw

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...

CVSS 5.8 · AI score 6.2 · EPSS 0.00438
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2023/05/09 1:35 a.m. · 10 views

CVE-2023-30743 Improper Neutralization of Input in SAPUI5

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...

CVSS 7.1 · AI score 6.9 · EPSS 0.00438
Exploits 0 · References 2
Cvelist
added 2023/05/09 1:35 a.m. · 21 views

CVE-2023-30743 Improper Neutralization of Input in SAPUI5

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...

CVSS 7.1 · AI score 7.1 · EPSS 0.00438
Exploits 0 · References 2
CVE
added 2023/05/09 1:35 a.m. · 44 views

CVE-2023-30743

The CVE-2023-30743 entry affects SAPUI5: sap.m.FormattedText in SAPUI5 versions SAP_UI 750, 754, 755, 756, 757, UI_700 200 is vulnerable to injection of untrusted CSS due to improper input neutralization. This can block user interaction and, without URL validation, could enable a phishing-style r...

CVSS 7.1 · AI score 6.4 · EPSS 0.00438
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/05/09 12:0 a.m. · 3 views

PT-2023-22947 · Sap · Sapui5

Name of the Vulnerable Software and Affected Versions: SAPUI5 versions SAP UI 750, SAP UI 754, SAP UI 755, SAP UI 756, SAP UI 757, UI 700 200 Description: The issue arises from improper neutralization of input in SAPUI5, allowing the injection of untrusted CSS through the sap.m.FormattedText SAPU...

CVSS 7.1 · AI score 6.2 · EPSS 0.00438
Exploits 0 · References 6