The vulnerability in the css-what CSS selector parser for Node.js, a use-after-free (memory used after deallocation), allows an attacker to cause a denial of service.
The vulnerability in the css-what CSS selector parser for Node.js is caused by an error in checking the size of input data. Exploiting this vulnerability can allow a remote attacker to cause a denial of service...
CVE-2021-41098
Summary (CVE-2021-41098 – Nokogiri on JRuby): The Nokogiri Rubygem (v1.12.4 and earlier) on JRuby exposes an XXE-related flaw by resolving external entities by default in the SAX parser. Affected classes include Nokogiri::XML::SAX::Parser, Nokogiri::HTML4::SAX::Parser (and Nokogiri::HTML::SAX::Par...
DRUPAL-CONTRIB-2021-038
This module provides an admin interface for creating drop-down menus that combine Drupal menu items with rich media content. The module does not sanitize values for CSS properties that are added by admins and rendered on the front end, allowing attackers to inject malicious code into the front-en...
CVE-2021-3803
A flaw was found in the nth-check Node.js library where it could lead to consuming a large amount of resources when executing some checks. Attackers could take advantage of this by crafting invalid CSS nth-checks, causing a disruption or a denial of service (DoS)...
Inefficient Regular Expression Complexity in nth-check
There is a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check that causes a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified overlapping adjacency and can be...
GHSA-RP65-9CF3-CJXR Inefficient Regular Expression Complexity in nth-check
There is a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check that causes a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified overlapping adjacency and can be...
CVE-2021-24638
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS files with Google Fonts CSS, or download fonts uploaded on the Google Fonts website...
CVE-2021-24530
The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Path traversal
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS files with Google Fonts CSS, or download fonts uploaded on the Google Fonts website...
WordPress plugin path traversal vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. The OMGF WordPress plugin suffers from a path...
WordPress plugin cross-site scripting vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Alojapro Widget 1.1.15 and earlier versions, which stems from the plugin not properly sanitising its custom CSS settings, allowing an elevated-privilege user t...
PT-2021-21939
Name of the Vulnerable Software and Affected Versions: nth-check (affected versions not specified). Description: The issue is related to Inefficient Regular Expression Complexity, specifically a Regular Expression Denial of Service (ReDoS) vulnerability. This vulnerability causes a denial of...
axialvent.ru Cross Site Scripting vulnerability OBB-2141816
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Inefficient Regular Expression Complexity in fb55/nth-check
Description: I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check. It allows causing a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified...
Inefficient Regular Expression Complexity in clean-css/clean-css
Description: It allows causing a denial of service when calling the function isDataUriResource. Proof of Concept: // PoC.js var isDataUriResource = require("clean-css/lib/utils/is-data-uri-resource"); for (var i = 1; i < 50000; i++) { var time = Date.now(); var attackstr = 'data:' +...
WordPress cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Plugin Highlight, which stems from the...
CVE-2021-30884
The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history...
DEBIAN-CVE-2021-30884
The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history...