5752 matches found

Debian CVE
added 2022/12/22 12:0 a.m., 36 views

CVE-2022-45418

If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

CVSS 6.1, AI score 8.3, EPSS 0.00728
Exploits 0

Debian CVE
added 2022/12/22 12:0 a.m., 35 views

CVE-2022-31744

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...

CVSS 6.5, AI score 7.8, EPSS 0.0058
Exploits 0

Debian CVE
added 2022/12/22 12:0 a.m., 45 views

CVE-2022-22738

Applying a CSS filter effect could have accessed out-of-bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVSS 8.8, AI score 9.7, EPSS 0.00995
Exploits 1

ATTACKERKB
added 2022/12/20 4:15 p.m., 3 views

CVE-2022-4619

The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5, AI score 6, EPSS 0.00541
Exploits 0, References 3

CNNVD
added 2022/12/20 12:0 a.m., 4 views

Sidebar Widgets by CodeLights cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in Sidebar...

CVSS 5.5, AI score 5.1, EPSS 0.00541
Exploits 0, References 3

Hacker One
added 2022/12/17 10:52 a.m., 14 views

GitLab: Stored XSS via Kroki diagram

Arbitrary javascript could be executed when a victim views a comment on GitLab due to a stored XSS vulnerability via Kroki diagram. This was possible by crafting a pre block so that arbitrary attributes can be injected into the resulting img tag. The vulnerability was caused by the lang attribute...

AI score 5.8
Exploits 0

Vulnrichment
added 2022/12/16 12:0 a.m., 6 views

CVE-2022-4560 Joget wflow-core UniversalTheme.java getInternalJsCssLib cross site scripting

A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to...

CVSS 3.5, AI score 6.5, EPSS 0.00529
Exploits 0, References 3

NVD
added 2022/11/30 11:15 p.m., 44 views

CVE-2022-46162

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

CVSS 9.8, EPSS 0.0113
Exploits 1, References 2

Prion
added 2022/11/30 11:15 p.m., 27 views

Design/Logic Flaw

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

CVSS 7.5, AI score 9.3, EPSS 0.0113
Exploits 1, References 2, Affected Software 1

Cvelist
added 2022/11/30 12:0 a.m., 53 views

CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

CVSS 8.8, AI score 9.6, EPSS 0.0113
Exploits 1, References 2

Vulnrichment
added 2022/11/30 12:0 a.m., 9 views

CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

CVSS 8.8, AI score 7.2, EPSS 0.0113
Exploits 1, References 2

Positive Technologies
added 2022/11/30 12:0 a.m., 12 views

PT-2022-27779 · Discourse · Discourse-Bbcode

Name of the Vulnerable Software and Affected Versions: discourse-bbcode versions prior to commit 91478f5
Description: The issue affects sites with the discourse-bbcode plugin installed and enabled, allowing CSS injection when rendering content generated with the plugin. As a workaround, enabling...

CVSS 9.8, AI score 9.5, EPSS 0.0113
Exploits 1, References 5

CVE
added 2022/11/30 12:0 a.m., 63 views

CVE-2022-46162

CVE-2022-46162 concerns the discourse-bbcode plugin for Discourse. Prior to commit 91478f5, rendering content generated with the plugin could trigger CSS injection, affecting sites with the plugin installed and enabled. The issue is patched in commit 91478f5. A practical workaround is to enable a...

CVSS 9.8, AI score 9.2, EPSS 0.0113
Exploits 1, References 2, Affected Software 1

OSV
added 2022/11/30 12:0 a.m., 22 views

CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

CVSS 8.8, AI score 9, EPSS 0.0113
Exploits 1, References 4

Fedora
added 2022/11/24 1:27 a.m., 15 views

[SECURITY] Fedora 37 Update: drupal7-link-1.11-1.fc37

The link module ranks among the top 50 modules in Drupal installations and provides a standard custom content field for links. With this module, links can be added easily to any content types and profiles, and it includes advanced validation and different ways of storing internal or external links...

AI score 7.1
Exploits 0

OpenVAS
added 2022/11/24 12:0 a.m., 6 views

Fedora: Security Advisory for drupal7-link (FEDORA-2022-d209710a36)

The remote host is missing an update for the...

AI score 7.5
Exploits 0, References 2

RedHat Linux
added 2022/11/22 1:31 p.m., 4 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

CVSS 6.1, AI score 7.3, EPSS 0.00728
Exploits 0, References 6

Tenable Nessus
added 2022/11/21 12:0 a.m., 22 views

AlmaLinux 8 : thunderbird (ALSA-2022:8547)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8547 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with...

CVSS 9.8, AI score 7.8, EPSS 0.01061
Exploits 0, References 14

Tenable Nessus
added 2022/11/17 12:0 a.m., 29 views

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2022-320-02)

The version of mozilla-firefox installed on the remote host is prior to 102.5.0esr / 107.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-320-02 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timi...

CVSS 9.8, AI score 7.8, EPSS 0.01061
Exploits 0, References 13

RedhatCVE
added 2022/11/16 12:56 p.m., 23 views

CVE-2022-45418

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

CVSS 6.1, AI score 4.1, EPSS 0.00728
Exploits 0, References 5