Debian dla-3350 : node-css-what - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3350 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3350-1 [email protected]...

DLA-3350-1 node-css-what - security update

Bulletin has no description...

Expedia Group Bug Bounty: https://www.wotif.com/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak

The info.php script on https://www.wotif.com was vulnerable to reflected HTML/CSS injection and COOKIE leak due to caching of HTTP headers. An attacker could inject malicious HTML/CSS code and steal victim cookies. The vulnerability was reported to the vendor...

Deliver Faster Downloads for Better Browsing, Part 4 of 5

Web browsers read HTML, CSS, and JavaScript code as well as video, images, and SVG files, then use that data to build and render a web page...

WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)

Software CSS JS Manager Type Plugin Vulnerable versions = 2.4.49 Fixed in 2.4.49.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47154 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d901e9767d13 Credits rezaduty Require...

SUSE CVE-2005-3759

Multiple cross-site scripting XSS vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 gzip/tar and 2 css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments...

SUSE CVE-2006-1730

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow...

SUSE CVE-2008-2785

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array aka nsCSSValue:Array data structure, which allows remote attackers to execute arbitrary code vi...

SUSE CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...

SUSE CVE-2009-1581

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets CSS positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting XSS and phishing attacks, via a crafted...

SUSE CVE-2010-0046

The Cascading Style Sheets CSS implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via crafted format arguments...

SUSE CVE-2010-0053

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to the run-in Cascading Style Sheets CSS display property...

SUSE CVE-2010-0169

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...

SUSE CVE-2010-0651

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive...

SUSE CVE-2010-0653

Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document...

SUSE CVE-2010-0654

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which...

SUSE CVE-2010-1392

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to HTML buttons and the first-letter C...

SUSE CVE-2010-1784

The counters functionality in the Cascading Style Sheets CSS implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi...

SUSE CVE-2010-1823

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by ...

SUSE CVE-2010-2264

The Cascading Style Sheets CSS implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages...