5736 matches found
Malicious Package
Overview ignore-html-and-css-imports is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...
Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity
The link.href check in makeTagSafe safe.ts, line 68-71 uses String.includes, which is case-sensitive: typescript if key === 'href' if val.includes'javascript:' || val.includes'data:' return nextkey = val Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as...
FreeBSD : Firefox -- Same-origin policy bypass (e1e40d50-1de2-11f1-8aff-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e1e40d50-1de2-11f1-8aff-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2018400 reports: Same-origin policy bypass in the CSS Parsi...
PT-2026-33138
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description A use after free issue in CSS allows a remote attacker to execute arbitrary code inside a sandbox by inducing the victim to open a crafted HTML page. Use after free is a memory...
OPENSUSE-SU-2026:20345-1 Security update for python-lxml_html_clean
This update for python-lxmlhtmlclean fixes the following issues: Changes in python-lxmlhtmlclean: - CVE-2026-28348: improper keywords checking can allow external CSS loading bsc1259378 - CVE-2026-28350: lack of base tag handling can allow the hijacking of the resolution of relative URLs bsc125937...
SUSE CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...
EUVD-2026-10505
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox 148.0.2...
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox 148.0.2...
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...
UBUNTU-CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...
CVE-2026-30977 RenderBlocking has Stored XSS in renderblocking-css with Inline Assets mode
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...
CVE-2026-30977
The CVE covers the MediaWiki extension RenderBlocking. Before version 0.1.1, a Stored XSS flaw existed in renderblocking-css when Inline Assets mode was used. Exploitation requires wgRenderBlockingInlineAssets = true and editsitecss user rights. The issue is fixed in 0.1.1. Affected component: re...
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox 148.0.2...
CVE-2026-3846 Same-origin policy bypass in the CSS Parsing and Computation component
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...
SUSE CVE-2026-28348
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...
RenderBlocking 跨站脚本漏洞
RenderBlocking is a media wiki extension developed by Peter Li, designed to prevent page style changes from occurring intermittently. Versions of RenderBlocking prior to 0.1.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderblocking-css in the Inline Asse...
PT-2026-24212
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148.0.2 Description A bypass of the same-origin policy exists in the CSS Parsing and Computation component. This allows potentially malicious actors to circumvent security restrictions designed to isolate web pages fr...