PT-2026-37157

Name of the Vulnerable Software and Affected Versions Flarum versions prior to 1.8.16 Flarum versions prior to 2.0.0-rc.1 Description An authenticated administrator can inject an arbitrary @import directive into the compiled forum.css file. This occurs because settings registered as LESS config...

CVE-2026-40301

Summary of CVE-2026-40301 : The PHP library rhukster/dom-sanitizer (and related advisories) contains a flaw prior to version 1.0.10 where DOMSanitizer::sanitize() does not inspect the text content of elements inside SVG. As a result, CSS rules using url() and @import can reference attacker-contr...

CVE-2005-4089

Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets CSS files, as demonstrated using Google Desktop, aka...

CVE-2005-4089

Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets CSS files, as demonstrated using Google Desktop, aka...