5751 matches found
in slidevjs/slidev
Description. Vulnerability: CSS injection and Limited XSS via postMessage. While reading the code, I came across the packages/client/iframes/monaco/index.ts file, where a message eventListener is being used. The callback function adds the content of message inside tag. This way, the attacker can post a...
CVE-2021-24964
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if...
Cross site scripting
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if...
Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/admin.php?page=yellow-pencil-editor=1pageid=homepagetype=homemode=singlepagetype=...
WordPress Visual CSS Style Editor plugin <= 7.5.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Visual CSS Style Editor plugin versions <= 7.5.3. Solution: Update the WordPress Visual CSS Style Editor plugin to the latest available version (at least 7.5.4)...
Roundcube -- XSS vulnerability
The Roundcube project reports: Cross-site scripting (XSS) via HTML messages with malicious CSS content...
PT-2021-7305 · Roundcube +3
Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.4.13 and earlier, 1.5.x before 1.5.2. Description: The issue allows for cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in HTML e-mail messages. This can enable a remote attacker to...
dunhamssports.com Cross Site Scripting vulnerability OBB-2313200
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Information Disclosure
webkit2gtk:edge is vulnerable to information disclosure. The issue was resolved with additional restrictions on CSS compositing. Visiting a maliciously crafted website may reveal a user's browsing history...
5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2022-25349 via materialize-css (>=0.100.2 <=1.0.0)
materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2022-25349 Source advisory: SNYK:JS-MATERIALIZECSS-2324800...
CVE-2021-30884
A flaw was found in the way WebKitGTK performed CSS compositing. A malicious web site could possibly use this flaw to reveal user's browsing history...
WordPress H5P CSS Editor plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blogging sites on servers with PHP and MySQL. H5P CSS Editor is an open source WordPress plugin. The WordPress H5P CSS Editor plugin has a...
CVE-2021-39318
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
Cross site scripting
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-39318 H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-39318
The CVE concerns the WordPress H5P CSS Editor plugin (versions
H5P CSS Editor <= 1.0 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...