CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

Github Security Blog•added 2026/04/16 8:42 p.m.•4 views

ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context

Summary The @apostrophecms/color-field module bypasses color validation for values prefixed with -- intended for CSS custom properties, but performs no HTML sanitization on these values. When styles containing attacker-controlled color values are rendered into tags — both in the global stylesheet...

5.4CVSS6.1AI score0.00014EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/04/15 7:29 p.m.•11 views

CVE-2026-33889 ApostropheCMS: Stored XSS via CSS Custom Property Injection in `@apostrophecms/color-field` Escaping Style Tag Context

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color values prefixed with -- bypass TinyColor validation intended for CSS custom properties, and the...

5.4CVSS0.00014EPSS

Exploits1References2

ATTACKERKB•added 2026/04/15 7:29 p.m.•1 views

CVE-2026-33889

5.4CVSS5.7AI score0.00014EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/04/15 7:29 p.m.•1 views

CVE-2026-33889 ApostropheCMS: Stored XSS via CSS Custom Property Injection in `@apostrophecms/color-field` Escaping Style Tag Context

5.4CVSS5.8AI score0.00014EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2018-12200

Malware in sbrugna...

6.7CVSS5.9AI score0.00022EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-0050

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00905EPSS

Exploits1References4

RedhatCVE•added 2025/05/23 6:57 a.m.•4 views

CVE-2024-56410

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting XSS vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7...

5.4CVSS5.6AI score0.00905EPSS

Exploits1References1

NVD•added 2025/01/03 6:15 p.m.•10 views

CVE-2024-56410

5.4CVSS0.00905EPSS

Exploits1References2

OSV•added 2025/01/03 5:25 p.m.•8 views

GHSA-WV23-996V-Q229 PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties

Cross-Site Scripting XSS vulnerability in custom properties Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS vector v.4.0: 4.8...

5.4CVSS5.5AI score0.00905EPSS

Exploits1References4

Github Security Blog•added 2025/01/03 5:25 p.m.•13 views

PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties

5.4CVSS5.8AI score0.00905EPSS

Exploits1References4Affected Software2

Cvelist•added 2025/01/03 5:17 p.m.•11 views

CVE-2024-56410 PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties

4.8CVSS0.00905EPSS

Exploits1References2

Vulnrichment•added 2025/01/03 5:17 p.m.•6 views

CVE-2024-56410 PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties

4.8CVSS5.7AI score0.00905EPSS

Exploits1References2

CVE•added 2025/01/03 5:17 p.m.•56 views

CVE-2024-56410

PhpSpreadsheet has an XSS vulnerability in custom properties affecting the PhpSpreadsheet Writer Html path (class PhpOffice\PhpSpreadsheet\Writer\Html, generateMeta). Affected versions: < 3.7.0, < 2.3.5, < 2.1.6, and

5.4CVSS5.5AI score0.00905EPSS

Exploits1References2Affected Software1

OSV•added 2025/01/03 5:17 p.m.•5 views

CVE-2024-56410 PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties

4.8CVSS5.6AI score0.00905EPSS

Exploits1References4

Positive Technologies•added 2024/12/23 12:0 a.m.•2 views

PT-2024-10175 · Unknown · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0 PhpSpreadsheet versions prior to 2.3.5 PhpSpreadsheet versions prior to 2.1.6 PhpSpreadsheet versions prior to 1.29.7 Description: The issue is related to a cross-site scripting XSS vulnerability in cust...

5.4CVSS6.1AI score0.00905EPSS

Exploits1References13

Jake Archibald's Blog•added 2020/12/11 1:0 a.m.•19 views

CSS paint API: Being predictably random

Take a look at this: Space invaders If you're using a browser that supports the CSS paint API, the element will have a 'random' pixel-art gradient in the background. But it turns out, doing random in CSS isn't as easy as it seems… Initial implementation This isn't a full tutorial on the CSS paint...

6.8AI score

Exploits0

NVD•added 2018/07/06 2:29 p.m.•12 views

CVE-2018-1621

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346...

6.7CVSS5.3AI score0.00022EPSS

Exploits0References3

Prion•added 2018/07/06 2:29 p.m.•12 views

Design/Logic Flaw

2.1CVSS6.2AI score0.00022EPSS

Exploits0References3Affected Software1

Zero Day Initiative•added 2018/04/19 12:0 a.m.•24 views

Microsoft Edge CSS Custom Property Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

2.6CVSS0.4AI score0.13778EPSS

Exploits0References1

Zero Day Initiative•added 2018/03/23 12:0 a.m.•23 views

Microsoft Edge CSS var Function Type Confusion Information Disclosure Vulnerability

4.3CVSS0.5AI score0.13778EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by