21 matches found
katex-xss-test
KaTeX render test Inline href: $\hrefjavascript:alertdocume...
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
PostCSS: XSS via Unescaped </style> in CSS Stringify Output Summary PostCSS v8.5.5 latest does not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML <style> tags, </style> in CSS values breaks out of the style context, enabling XSS. Proof of Concept...
PostCSS Cross-Site Scripting Vulnerability
PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS prior to 8.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of the </style> sequence during CSS stringification using the CSS AST. As a result, when the...
ROS-20260401-73-0001
A vulnerability in the HTML Style Checker module of RoundCube Webmail is related to incorrect encoding or escaping of output data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
Fedora 43 : roundcubemail (2025-58eb59741f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-58eb59741f advisory. Release 1.6.12 - Support IPv6 in database DSN 9937 - Don't force specific error_reporting setting - Fix compatibility with PHP 8.5 regarding arrayfir...
MGASA-2025-0332 Updated roundcubemail packages fix security vulnerabilities
Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike. Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev...
SUSE CVE-2025-68460
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...
Debian dsa-6087 : roundcube - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6087 advisory. Debian Security Advisory DSA-6087-1...
EUVD-2025-204036
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...
CVE-2025-68460
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...
UBUNTU-CVE-2025-68460
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to an information disclosure vulnerability in the HTML style sanitizer...
Roundcube Webmail Security Vulnerability
Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.5.12 and 1.6.12 and prior to 1.6.12, which stems fro...
EUVD-1999-0731
Malware in sbrugna...
CVE-2005-3165
Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via 1 tags or 2 Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...
CVE-1999-0750
Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account...
perl-html-stripscripts Security Vulnerability
perl-html-stripscripts is a Perl library. A security vulnerability exists in perl-html-stripscripts version 1.06 and earlier. An attacker can exploit this vulnerability to perform catastrophic backtracking on HTML content with specific style attributes...
CVE-1999-0750
Technical details for CVE-1999-0750 are not publicly provided in the supplied documents. Monitor for updates from official feeds.