6 matches found
Prototype Pollution
Overview: org.webjars.bowergithub.shprink:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC (js): async = // Assuming import is set up properly import StyleElement from 'canvg'; // Outp...
CVE-2023-26364
A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment. Mitigation: No mitigation is yet available for this...
Roundcube -- XSS vulnerability
The Roundcube project reports: Cross-site scripting (XSS) via HTML messages with malicious CSS content...
CVE-2021-23382
A regular expression denial of service (ReDoS) vulnerability was found in the npm library postcss when using getAnnotationURL or loadAnnotation options in lib/previous-map.js. An attacker could potentially craft malicious CSS that, when processed, results in a denial of service...
Updated roundcubemail package fixes security vulnerability
This update fixes cross-site scripting (XSS) via HTML messages with malicious CSS content (CVE-2021-26925)...
CVE-2016-8999
IBM InfoSphere Information Server contains a path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode, thereby making it easier for an attacker to inject malicious CSS...