8 matches found
Fedora 42 : roundcubemail (2025-fec36f9eaf)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-fec36f9eaf advisory. Release 1.6.12 - Support IPv6 in database DSN (#9937) - Don't force specific error_reporting setting - Fix compatibility with PHP 8.5 regarding arrayfir...
Nextcloud: Roundcube Webmail Style Sanitizer can be bypassed using CSS Character Escapes
A vulnerability was discovered in the style sanitizer of Roundcube Webmail that allowed bypassing the sanitizer using CSS character escapes. This enabled the use of arbitrary inline CSS, such as the url function, which could be used to retrieve the IP address and user agent of the person reading...
MGASA-2016-0305 Updated mediawiki packages fix security vulnerability
Check read permission when loading page content in ApiParse (CVE-2016-6331). Make blocks log users out if $wgBlockDisablesLogin is true (CVE-2016-6332). Make $wgBlockDisablesLogin also restrict logged in permissions (CVE-2016-6332). Require login to preview user CSS pages (CVE-2016-6333). Escape '' in inline...
WebKit ContentEditable Inline Style Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...
CVE-2005-4501
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute JavaScript using inline style attributes, which are processed by Internet Explorer...
mediawiki -- hardcoded placeholder string security bypass vulnerability
The mediawiki development team reports a vulnerability within the mediawiki application. The vulnerability is caused by improper checking of inline style attributes. This could result in the execution of arbitrary javascript code in Microsoft Internet Explorer. It appears that other browsers are...
MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 Multiple Vulnerabilities
According to its version number, the version of MediaWiki running on the remote host is affected by multiple vulnerabilities : - A denial of service vulnerability exists due to an unspecified flaw in 'edit submission handling' that causes the corruption of the previous submission. A remote attack...
[SA17074] MediaWiki HTML Inline Style Attributes Cross-Site Scripting
TITLE: MediaWiki HTML Inline Style Attributes Cross-Site Scripting SECUNIA ADVISORY ID: SA17074 VERIFY ADVISORY: http://secunia.com/advisories/17074/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: MediaWiki 1.x http://secunia.com/product/2546/ DESCRIPTION: A...