5743 matches found
KLA11629 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions, and perform cross-site scripting attacks. Below is a complete list of...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Swagger UI (CVE-2019-17495)
Summary: A Security Vulnerability affects IBM Cloud Private - Swagger UI. Vulnerability Details: CVEID: CVE-2019-17495. DESCRIPTION: A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based...
WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS
A minor authenticated stored XSS vulnerability was found in the "Styles for Skiplinks when they have focus" section of the WP Accessibility plugin. 1. Navigate to the Settings page of the plugin: https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php 2. Select th...
WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS
A minor authenticated stored XSS vulnerability was found in the "Styles for Skiplinks when they have focus" section of the WP Accessibility plugin. PoC: 1. Navigate to the Settings page of the plugin: https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php 2. Selec...
EulerOS 2.0 SP5 : libcroco (EulerOS-SA-2019-2694)
According to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error...
EulerOS 2.0 SP3 : libcroco (EulerOS-SA-2019-2605)
According to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - This package provides the necessary development libraries and include files to allow you to develop with libcroco. Security Fixes: The...
Updated libcroco packages fix security vulnerability
Updated libcroco packages fix security vulnerabilities: Heap overflow (input: check end of input before reading a byte) (CVE-2017-7960). Undefined behavior (tknzr: support only max long rgb values) (CVE-2017-7961). Denial of service (memory allocation error) via a crafted CSS file (CVE-2017-8834). Denial of...
budgethotels.sg Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1038308. Security Researcher devl00p (helped patch 2887 vulnerabilities, received 10 Coordinated Disclosure badges, received 15 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting the budgethotels.sg website...
@jamesbliss/react-flickity (>=1.0.0 <=1.4.0), @jamesbliss/react-spy (=0.0.1) +21 more potentially affected by CVE-2019-10773 via yarn (>=1.0.2 <=1.21.0)
yarn NPM version =1.0.2, =1.0.0, =1.9.9, =1.0.0, =1.0.21, =8.3.8, =0.1.0, =3.0.0, =0.0.1, =0.0.0-semantic-release, =1.5.9, =1.1.2, =1.13.1 and more Source cves: CVE-2019-10773 Source advisory: SNYK:JS-YARN-537806...
The vulnerability in the implementation of the API technology used by CSS Paint in the Google Chrome browser allows attackers to disclose protected information.
The vulnerability of the API implementation in Google Chrome’s CSS Paint technology lies in the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information through a specially created HTML page...
Google Chrome Blink Resource Management Error Vulnerability (CNVD-2019-44527)
Google Chrome is a Web browser from Google, a U.S. company. Blink is a browser layout (rendering) engine jointly developed by Google and Norway's Opera Software. A resource management error vulnerability exists in the 'WebCore::CSSSelector' function of Blink in Google Chrome prior to version...
Input validation
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in th...
CVE-2019-19133
The CVE covers a reflected XSS in the WordPress CSS Hero plugin up to version 4.0.3, caused by insufficient sanitization of user input in the URI when csshero_action=edit_page is used. An authenticated attacker could trigger arbitrary JavaScript in the victim’s browser on the affected site, poten...
CVE-2019-19133
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in th...
WordPress CSS Hero plugin <= 4.03 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Cary Hooper in WordPress CSS Hero plugin versions <= 4.03. Solution: Update the WordPress CSS Hero plugin to the latest available version (at least 4.07)...
WordPress CSS Hero 4.0.3 Cross Site Scripting
Team, Document Title: CVE-2019-19133 Reflected XSS in CSS Hero <= v.4.0.3 WordPress plugin. Product Description: CSS Hero WordPress Plugin. A live WordPress Theme editor that works without modifying any of your theme files. Very low performance footprint: only generate...
EulerOS 2.0 SP2 : libcroco (EulerOS-SA-2019-2520)
According to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error...
KLA11611 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, and bypass security restrictions. Below is a complete list of vulnerabilities: 1. Incorrect image loading...
Denial Of Service (DoS) Through Infinite Loop
css-element-queries is vulnerable to denial of service (DoS) attacks. If an element is added to the DOM and removed from the DOM very quickly, even before the first reset happens, the requestAnimationFrame of the reset itself will get stuck in an infinite loop, leading to denial of service conditions and memory...
CSS Hero < 4.07 - Authenticated Reflected XSS
The css-hero WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability...