
5743 matches found

Tenable Nessus
added 2020/04/06 12:0 a.m. | 38 views

Debian DSA-4651-1 : mediawiki - security update

It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped. The oldstable distribution (stretch) is not affected. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

5.3 CVSS | 5.6 AI score | 0.01123 EPSS
Exploits: 1 | References: 4
OpenVAS
added 2020/04/04 12:0 a.m. | 13 views

Debian: Security Advisory (DSA-4651-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS | 5.5 AI score | 0.01123 EPSS
Exploits: 1 | References: 4
NVD
added 2020/04/03 3:15 p.m. | 15 views

CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...

5.3 CVSS | 5 AI score | 0.01123 EPSS
Exploits: 1 | References: 2
OSV
added 2020/04/03 3:15 p.m. | 1 views

DEBIAN-CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...

5.3 CVSS | 5.5 AI score | 0.01123 EPSS
Exploits: 1 | References: 1
UbuntuCve
added 2020/04/03 3:15 p.m. | 19 views

CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...

5.3 CVSS | 6.1 AI score | 0.01123 EPSS
Exploits: 1 | References: 3
Prion
added 2020/04/03 3:15 p.m. | 21 views

Cross site scripting

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...

5 CVSS | 5 AI score | 0.01123 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/04/03 2:13 p.m. | 130 views

CVE-2020-10960

CVE-2020-10960 affects MediaWiki prior to 1.34.1, where jquery.makeCollapsible can apply handlers to arbitrary CSS selectors, allowing injection of CSS classes that can alter UI visibility. There is no publicly documented XSS exploit in the provided sources. Multiple connected docs indicate a fix...

5.3 CVSS | 5 AI score | 0.01123 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Debian CVE
added 2020/04/03 2:13 p.m. | 28 views

CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...

5.3 CVSS | 5 AI score | 0.01123 EPSS
Exploits: 1
Debian
added 2020/04/02 8:47 p.m. | 75 views

[SECURITY] [DSA 4651-1] mediawiki security update

Debian Security Advisory DSA-4651-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 02, 2020 https://www.debian.org/security/faq -...

5.3 CVSS | 5.3 AI score | 0.01123 EPSS
Exploits: 1
Friends Of PHP
added 2020/03/26 2:2 p.m. | 18 views

makeCollapsible allows applying event handler to any CSS selector

More info at https://phabricator.wikimedia.org/T246602...

5.3 CVSS | 7.2 AI score | 0.01123 EPSS
Exploits: 1 | Affected Software: 1
NVD
added 2020/03/25 10:15 p.m. | 15 views

CVE-2020-6813

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74...

5.3 CVSS | 6.5 AI score | 0.01174 EPSS
Exploits: 0 | References: 2
Prion
added 2020/03/25 10:15 p.m. | 25 views

Design/Logic Flaw

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74...

5 CVSS | 5.4 AI score | 0.01174 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/03/25 9:11 p.m. | 29 views

CVE-2020-6813

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74...

6.4 AI score | 0.01174 EPSS
Exploits: 0 | References: 2
CVE
added 2020/03/25 9:11 p.m. | 195 views

CVE-2020-6813

CVE-2020-6813 affects Firefox prior to 74, where protecting CSS blocks with the Content Security Policy nonce could be bypassed via an @import in a CSS block, allowing style injection and bypass of CSP intent. The IBM bulletin for IBM Cloud App Management documents this exact CVE and notes the vu...

5.3 CVSS | 6.2 AI score | 0.01174 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2020/03/25 9:11 p.m. | 22 views

CVE-2020-6813

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74...

5.3 CVSS | 7.5 AI score | 0.01174 EPSS
Exploits: 0
OSV
added 2020/03/20 12:17 a.m. | 28 views

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode...

7.5 CVSS | 6.9 AI score
Exploits: 0 | References: 1
NVD
added 2020/03/20 12:17 a.m. | 22 views

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode...

7.5 CVSS | 7.5 AI score | 0.01077 EPSS
Exploits: 0 | References: 1
Prion
added 2020/03/20 12:17 a.m. | 17 views

Code injection

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode...

5 CVSS | 7.5 AI score | 0.01077 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2020/03/20 12:0 a.m. | 2 views

phpBB Injection Vulnerability

phpBB is a set of open source, PHP-based Web forum software. The software supports multiple languages, multiple databases, customized layouts and so on. phpBB version 3.2.7 has an injection vulnerability; the vulnerability stems from the program failing to validate the BBCode paramete...

7.5 CVSS | 7.5 AI score | 0.01077 EPSS
Exploits: 0 | References: 1
Cvelist
added 2020/03/19 11:3 p.m. | 32 views

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode...

7.5 AI score | 0.01077 EPSS
Exploits: 0 | References: 1