CVE-2022-21222
The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...
Debian DSA-5244-1 : chromium - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5244 advisory. - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install...
Google Chrome CSS Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a mix-up of instructions responsible for freeing memory in CSS. An attacker can exploit the vulnerability to cause a...
tampabay.welcomeguide-map.com Cross Site Scripting vulnerability OBB-2963396
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The vulnerability of the Google Chrome browser’s CSS component, which allows a hacker to execute arbitrary code.
The vulnerability of the Google Chrome browser’s CSS component is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Google Chrome Security Update (stable-channel-update-for-desktop_27-2022-09) - Linux
Google Chrome is prone to multiple vulnerabilities.
Google Chrome < 106.0.5249.61 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 106.0.5249.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 202209stable-channel-update-for-desktop27 advisory. - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prio...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a mix-up of instructions responsible for freeing memory in CSS. An attacker can exploit the vulnerability to cause a...
Google Chrome < 106.0.5249.61 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 106.0.5249.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 202209stable-channel-update-for-desktop27 advisory. - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior ...
FreeBSD : chromium -- multiple vulnerabilities (18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec advisory. - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior t...
MetaMask: Possible to spoof Origin in "Connected Sites"
A vulnerability was discovered in MetaMask that allowed for the spoofing of the origin domain name in the "Connected Sites" list. This was caused by a CSS style sheet that set the direction to "right-to-left", which resulted in the order of characters in the domain name being messed up and...
bigbluest.com Cross Site Scripting vulnerability OBB-2943329
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious NPM Package Caught Mimicking Material Tailwind CSS Package
A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its...
diten.unige.it Cross Site Scripting vulnerability OBB-2929261
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-FV2M-9249-QX85 TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
Meta: CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.1. Problem: It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Solution: Update to TYPO3 version 10.4.32 or 11.5.16 that fix the probl...
CVE-2022-36108 Cross-Site Scripting in typo3/cms-core
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...
PT-2022-23198 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 10.4.32; TYPO3 versions prior to 11.5.16. Description: The f:asset.css view helper in TYPO3 is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Recommendations: Update to TYPO3 versio...
Revive Adserver: Multiple cross-site scripting (XSS) vulnerabilities in Revive Adserver
Vulnerability description not provided...
UI REDRESSING
Description: Clickjacking is a portmanteau of two words, ‘click’ and ‘hijacking’. It refers to hijacking a user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in the attacker’s own website and overlays it with objects such as buttons using CSS skills...
The vulnerability of the Roundcube webmail client, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Roundcube email client relates to the lack of measures taken to protect the website structure during the processing of CSS style sheets. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially crafted email...