5767 matches found
The vulnerability of the Google Chrome browser’s CSS component, which allows a hacker to execute arbitrary code.
The vulnerability of the Google Chrome browser’s CSS component is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
FreeBSD : chromium -- multiple vulnerabilities (18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec advisory. - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior t...
Google Chrome < 106.0.5249.61 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 106.0.5249.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 202209stable-channel-update-for-desktop27 advisory. - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior ...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a mix-up of instructions responsible for freeing memory in CSS. An attacker can exploit the vulnerability to cause a...
Google Chrome < 106.0.5249.61 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 106.0.5249.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 202209stable-channel-update-for-desktop27 advisory. - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prio...
MetaMask: Possible to spoof Origin in "Connected Sites"
A vulnerability was discovered in MetaMask that allowed for the spoofing of the origin domain name in the "Connected Sites" list. This was caused by a CSS style sheet that set the direction to "right-to-left", which resulted in the order of characters in the domain name being messed up and...
bigbluest.com Cross Site Scripting vulnerability OBB-2943329
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious NPM Package Caught Mimicking Material Tailwind CSS Package
A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its...
diten.unige.it Cross Site Scripting vulnerability OBB-2929261
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-FV2M-9249-QX85 TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.1 Problem It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Solution Update to TYPO3 version 10.4.32 or 11.5.16 that fix the probl...
CVE-2022-36108 Cross-Site Scripting in typo3/cms-core
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...
PT-2022-23198 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 10.4.32 TYPO3 versions prior to 11.5.16 Description: The f:asset.css view helper in TYPO3 is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Recommendations: Update to TYPO3 versio...
Revive Adserver: Multiple cross-site scripting (XSS) vulnerabilities in Revive Adserver
Vulnerability description not provided...
UI REDRESSING
Description Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills...
The vulnerability of the Roundcube webmail client, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Roundcube email client relates to the lack of measures taken to protect the website structure during the processing of CSS style sheets. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially crafted email...
Mozilla Thunderbird Security Advisory (MFSA2022-31) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
CVE-2022-2543
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts...
CVE-2022-2543
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts...
CVE-2022-2597
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts...
CVE-2022-2597
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts...