3 matches found
Nextcloud: Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Summary: The mail extension in Nextcloud includes a module called "cerdic/csstidy" which basically ships with a publicly accessible test/example interface to play with the CSS formatter and optimiser at /apps/mail/vendor/cerdic/css-tidy/cssoptimiser.php. This module allows contacting any remote serv...
CSSTidy 1.3 - css_optimiser.php Cross-Site Scripting
CSSTidy 1.3 - cssoptimiser.php Cross-Site Scripting source: https://www.securityfocus.com/bid/41552/info CSSTidy is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. ImpressCMS versions that use the vulnerable application are also affected. A...
CSSTidy 1.3 - 'css_optimiser.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41552/info CSSTidy is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. ImpressCMS versions that use the vulnerable application are also affected. An attacker may leverage this issue to execute...