5743 matches found
CVE-2019-16108
Summary (CVE-2019-16108): phpBB 3.2.7 is vulnerable to CSS injection via BBCode that can inject an arbitrary CSS token sequence into a page. The root cause is insecure handling/validation of BBCode parameters, enabling an attacker to alter page styling. The vulnerability affects phpBB 3.2.7; no e...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-17495)
Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. CVE-2019-17495 Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path overwrit...
CVE-2020-10242
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...
Cross site scripting
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...
CVE-2020-10242
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...
EulerOS Virtualization for ARM 64 3.0.2.0 : libcroco (EulerOS-SA-2020-1251)
According to the versions of the libcroco package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - DISPUTED The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an 'outside the range of...
CVE-2020-6813
When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox 74...
Cross site scripting
Multiple stored cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users with minimal permissions to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and...
CVE-2018-21033
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allows authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes...
Design/Logic Flaw
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allows authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes...
CVE-2018-21033
The CVE-2018-21033 vulnerability affects Hitachi Command Suite (and related products) prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00, and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00. The issue allows authenticated remote users to load an arbitrary CSS token sequen...
CVE-2018-21033
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allows authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes...
Amazon Linux 2 : thunderbird (ALAS-2020-1393)
The version of thunderbird installed on the remote host is prior to 68.4.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1393 advisory. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace...
KLA11669 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, and perform cross-site scripting attacks. Below is a complete list of vulnerabilities: 1. A memory corruption...
Important: thunderbird
Issue Overview: When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR tag from the clipboard into...
CVE-2012-4512
The CSS parser khtml/css/cssparser.cpp in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."...
Type confusion
The CSS parser khtml/css/cssparser.cpp in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."...
CVE-2012-4512
The CSS parser khtml/css/cssparser.cpp in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."...
CVE-2012-4512
CVE-2012-4512 affects Konqueror’s CSS parser (khtml/css/cssparser.cpp) in KDE 4.7.3. A remote attacker can crash the browser and possibly read memory via a crafted font-face source due to a type-confusion issue. Connected advisories (MiracleLinux AXSA-2012-970:03, SUSE/Security Advisories, Gentoo...
CVE-2012-4512
Removed by vendor...