phpBB arbitrary CSS injection
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode...
cssfontstack.com Cross Site Scripting vulnerability OBB-2624871
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WP Admin Style <= 0.1.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. Put the following payload in the CSS settings of the plugin:...
Minimal Coming Soon – Coming Soon Page < 2.35 - Multiple Authenticated Stored XSS
The plugin does not sanitize or escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them, which will be triggered in the backend. As admin, put the following in the Custom CSS setting...
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to insufficient protection of sensitive data, allows attackers to gain access to protected information or cause other adverse effects.
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient protection of service data during the processing of CSS. Exploiting this vulnerability can allow a remote attacker to gain access to protected information or perform other malicious...
CVE-2019-10732
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...
CVE-2022-1416
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling...
CVE-2022-1416
CVE-2022-1416 affects GitLab CE/EE with vulnerable Pipeline error message sanitization across multiple version ranges: 1.0.2–14.8.5, 14.9.0–14.9.3, and 14.10.0–14.10.0. Root cause: missing sanitization allows rendering attacker-controlled HTML tags and CSS. Impact: potential HTML/CSS styling rend...
CVE-2022-1416
Removed by vendor...
PT-2022-13871 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 1.0.2 through 14.8.6; GitLab CE/EE versions 14.9.0 through 14.9.4; GitLab CE/EE versions 14.10.0 through 14.10.1. Description: The issue is related to missing sanitization of data in Pipeline error messages, allowing for th...
Mozilla: Leaking browser history with CSS variables
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox behaving slightly differently for already known resources when loading CSS resources involving CSS variables. This flaw could be used to probe the browser history...
ROS-20220518-02
A vulnerability in the Mozilla Thunderbird email client is related to incorrect processing of user input data when processing signed and encrypted attached messages. Exploitation of the vulnerability could allow a remote...
GHSA-3FGQ-CMR4-97RR phpMyAdmin CSS Injection Vulnerability
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters...
phpMyAdmin CSS Injection Vulnerability
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters...
css-semdiff (>=1.0.0 <=1.1.0), dtsm (>=0.0.1 <=1.1.0) +6 more potentially affected by CVE-2017-1000451 via fs-git (>=0.1.1 <=1.0.1)
fs-git NPM version =0.1.1, =1.0.0, =0.0.1, =0.1.1, =1.0.0, =1.0.8, =0.1.0, =0.0.3, =0.0.11 Source cves: CVE-2017-1000451 Source advisory: OSV:GHSA-WP3J-GV53-4PG8...
GHSA-WXVP-8Q8H-R6RR Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified...
Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified...
GHSA-3P68-M5QW-9G9W HTML Purifier cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different...
webkit2gtk3 security, bug fix, and enhancement update
An update is available for webkit2gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. WebKitGTK is the port of the portable web rendering engine WebKit to the...
Moderate: webkit2gtk3 security, bug fix, and enhancement update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.34.6. BZ1985042 Security Fixes: webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use...