SUSE CVE-2005-3167

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs HTML inline style attributes that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting XSS attacks...

SUSE CVE-2005-4501

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting XSS attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer...

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress aka Easy FancyBox is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

CSP 1.0 Added to Firefox to Block XSS Attacks

After years of discussion and waiting, Mozilla has finally added Content Security Policy 1.0, a defense against some common attacks such as XSS, to its Firefox browser. CSP already has been implemented in Google Chrome and Internet Explorer and there was a limited implementation of it in Firefox...

DEBIAN-CVE-2005-3167

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs HTML inline style attributes that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting XSS attacks...