5743 matches found
Security Bulletin: Vulnerabilities in Swagger affects WebSphere Application Server Liberty
Summary: There are vulnerabilities in Swagger that affect WebSphere Application Server Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information,...
CVE-2020-12825
A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability. Mitigation To mitigate...
mishoran.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1160281 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
[SECURITY] Fedora 32 Update: roundcubemail-1.4.4-1.fc32
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
PT-2020-6929
Name of the Vulnerable Software and Affected Versions: libcroco versions 0.6.13 and earlier. Description: The issue is related to the cr_parser_parse_any_core function in the cr-parser.c component of the libcroco library, which is used for working with Cascading Style Sheets (CSS2). It is associated...
itexamworld.net Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1155085 Security Researcher atmon3r (helped patch 228 vulnerabilities; received 5 Coordinated Disclosure badges; received 14 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting itexamworld.net website and...
CVE-2020-6813
When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox 74...
Malicious Package
Overview: applied-css is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using applied-css...
MGASA-2020-0167 Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because...
Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because...
motorsite.it Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1142592 Security Researcher geeknik (helped patch 8924 vulnerabilities; received 8 Coordinated Disclosure badges; received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting motorsite.it website and i...
vfab.se Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1138995 Security Researcher geeknik (helped patch 8938 vulnerabilities; received 8 Coordinated Disclosure badges; received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting vfab.se website and its...
Erroneous Stylesheet Caching
SeaMonkey is vulnerable to erroneous stylesheet caching. The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font...
Remote Code Execution (RCE)
kdelibs is vulnerable to Remote Code Execution (RCE). A flaw was found in the way the KDE CSS parser handled content for the CSS "style" attribute. A remote attacker could create a specially-crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of...
Cross-site Scripting (XSS)
squirrelmail is vulnerable to cross-site scripting (XSS). The vulnerability exists as it was discovered that SquirrelMail did not properly sanitize Cascading Style Sheets (CSS) directives used in HTML mail. A remote attacker could send a specially-crafted email that could place mail content above...
Cross-site Scripting (XSS)
nss is vulnerable to cross-site scripting (XSS). The vulnerability exists as a flaw was found in Firefox's CSS parser. A malicious web page could inject NULL characters into a CSS input string, possibly bypassing an application's script sanitization routines...
CVE-2017-5472
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...
CVE-2019-17016
When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...
MediaWiki xss vulnerability
MediaWiki is a set of free and freely available web-based Wiki engines from the Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.34.1. The...
MediaWiki 1.31.x < 1.31.7, 1.33.x < 1.33.3 and 1.34.0 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...