
21 matches found

GithubExploit
added 2026/06/12 5:49 p.m., 70 views

katex-xss-test

KaTeX render test Inline href: $\hrefjavascript:alertdocume...

AI score 5.3
Exploits: 0

Github Security Blog
added 2026/04/24 3:31 p.m., 185 views

PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS: XSS via Unescaped </style> in CSS Stringify Output. Summary: PostCSS v8.5.5 (latest) does not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML <style> tags, </style> in CSS values breaks out of the style context, enabling XSS. Proof of Concept...

CVSS 6.1, AI score 5.3, EPSS 0.00205
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2026/04/24 12:0 a.m., 11 views

PostCSS cross-site scripting vulnerability

PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS prior to 8.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of the </style> sequence during CSS stringification using the CSS AST. As a result, when the...

CVSS 6.1, AI score 5.7, EPSS 0.00205
Exploits: 0, References: 2

Redos
added 2026/04/01 12:0 a.m., 7 views

ROS-20260401-73-0001

A vulnerability in the HTML Style Checker module of RoundCube Webmail is related to incorrect encoding or escaping of output data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 7.5, AI score 5.9, EPSS 0.00244
Exploits: 0

Tenable Nessus
added 2025/12/25 12:0 a.m., 7 views

Fedora 43 : roundcubemail (2025-58eb59741f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-58eb59741f advisory. Release 1.6.12 - Support IPv6 in database DSN 9937 - Don't force specific errorreporting setting - Fix compatibility with PHP 8.5 regarding arrayfir...

CVSS 7.5, AI score 6, EPSS 0.19769
Exploits: 1, References: 3

OSV
added 2025/12/22 11:57 p.m., 7 views

MGASA-2025-0332 Updated roundcubemail packages fix security vulnerabilities

Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike. Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev...

CVSS 7.5, AI score 6.4, EPSS 0.19769
Exploits: 1, References: 3

SUSE CVE
added 2025/12/19 12:24 a.m., 3 views

SUSE CVE-2025-68460

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...

CVSS 7.5, AI score 6.3, EPSS 0.00244
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/19 12:0 a.m., 6 views

Debian dsa-6087 : roundcube - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6087 advisory. Debian Security Advisory DSA-6087-1...

CVSS 7.5, AI score 6, EPSS 0.19769
Exploits: 1, References: 7

EUVD
added 2025/12/18 6:30 a.m., 3 views

EUVD-2025-204036

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...

CVSS 7.2, AI score 5.7, EPSS 0.00244
Exploits: 0, References: 3

OSV
added 2025/12/18 5:15 a.m., 6 views

CVE-2025-68460

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...

CVSS 7.5, AI score 6.2
Exploits: 0, References: 2

UbuntuCve
added 2025/12/18 5:15 a.m., 5 views

CVE-2025-68460

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...

CVSS 7.5, AI score 5.9, EPSS 0.00244
Exploits: 0, References: 3

OSV
added 2025/12/18 5:15 a.m., 2 views

UBUNTU-CVE-2025-68460

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...

CVSS 7.5, AI score 5.8, EPSS 0.00244
Exploits: 0, References: 4

CNNVD
added 2025/12/18 12:0 a.m., 4 views

Roundcube Webmail security vulnerability

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.5.12 and 1.6.12 and prior to 1.6.12, which stems fro...

CVSS 7.5, AI score 6, EPSS 0.00244
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-1999-0731

Malware in sbrugna...

CVSS 5.1, AI score 6.4, EPSS 0.08728
Exploits: 0, References: 2

RedhatCVE
added 2025/05/21 9:31 p.m., 6 views

CVE-2005-3165

Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via 1 tags or 2 Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

CVSS 4.3, AI score 5.4, EPSS 0.01265
Exploits: 0, References: 1

RedhatCVE
added 2025/05/21 6:11 p.m., 11 views

CVE-1999-0750

Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account...

CVSS 5.1, AI score 7.4, EPSS 0.08728
Exploits: 0, References: 1

CNNVD
added 2023/01/21 12:0 a.m., 4 views

perl-html-stripscripts security vulnerability

perl-html-stripscripts is a Perl library. A security vulnerability exists in perl-html-stripscripts version 1.06 and earlier. An attacker can exploit this vulnerability to perform catastrophic backtracking on HTML content with specific style attributes...

CVSS 7.5, AI score 7.3, EPSS 0.01116
Exploits: 1, References: 9

OSV
added 2005/10/06 10:2 a.m., 11 views

CVE-2005-3165

Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via 1 tags or 2 Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

AI score 5.4
Exploits: 0, References: 4

Cvelist
added 2005/10/06 4:0 a.m., 22 views

CVE-2005-3165

Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via 1 tags or 2 Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

AI score 5.3, EPSS 0.01265
Exploits: 0, References: 3

CVE
added 2000/02/04 5:0 a.m., 53 views

CVE-1999-0750

Technical details for CVE-1999-0750 are not publicly provided in the supplied documents. Monitor for updates from official feeds.

CVSS 5.1, AI score 7.4, EPSS 0.08728
Exploits: 0, References: 1, Affected Software: 1