Lucene search
K

15 matches found

Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-55890 Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style()

Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...

4.8CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 5 days ago17 views

CVE-2026-55890

Grav CVE-2026-55890 concerns stored CSS injection via Markdown image style parameters that reach MediaObjectTrait::style(). The incomplete patch from GHSA-r7fx-8g49-7hhr fixed attribute() (denying dangerous attribute names) but leaves the sibling style() sink unmitigated, allowing editor-supplied...

4.8CVSS6.1AI score0.00187EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

CVE-2026-55890 Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style()

Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...

4.8CVSS6.1AI score0.00187EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/18 2:49 p.m.8 views

Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style() — incomplete patch of GHSA-r7fx-8g49-7hhr

Summary The fix for GHSA-r7fx-8g49-7hhr / CVE-2026-42841 Stored XSS via Markdown media attribute action is incomplete. The maintainer patched MediaObjectTrait::attribute to deny dangerous attribute names event handlers, style, xmlns, srcdoc, formaction but the sibling MediaObjectTrait::style meth...

6.9CVSS5.3AI score0.00397EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.6 views

Fedora 43 : cef (2025-604e02ca72)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-604e02ca72 advisory. Update to 142.0.7444.162 High CVE-2025-12725: Out of bounds write in WebGPU High CVE-2025-12726: Inappropriate implementation in Views High...

8.8CVSS6.9AI score0.06776EPSS
Exploits2References26
EUVD
EUVD
added 2025/11/10 9:30 p.m.4 views

EUVD-2025-50801

Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00305EPSS
Exploits0References3
CVE
CVE
added 2025/11/10 8:0 p.m.42 views

CVE-2025-12430

CVE-2025-12430 affects Google Chrome/Chromium where an object lifecycle issue in Media could enable UI spoofing via a crafted HTML page in versions prior to 142.0.7444.59. Connected advisories show updated Chromium/CEF packages: Fedora updates reference chromium/cef builds reaching 142.0.7444.162...

7.5CVSS5.6AI score0.00305EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/29 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-12430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium...

7.5CVSS5.5AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2021/05/31 3:39 p.m.8 views

GSD-2021-1000372 media: [next] staging: media: atomisp: fix memory leak of object flash

media: next staging: media: atomisp: fix memory leak of object flash This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2019/09/09 9:15 p.m.5 views

ALPINE-CVE-2019-15297

respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...

6.5CVSS6.9AI score0.0348EPSS
Exploits0References1
Prion
Prion
added 2019/09/09 9:15 p.m.18 views

Session fixation

respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...

4CVSS6.2AI score0.0348EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2019/09/09 9:15 p.m.4 views

UBUNTU-CVE-2019-15297

respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...

6.5CVSS6.6AI score0.0348EPSS
Exploits0References6
CVE
CVE
added 2019/09/09 8:48 p.m.233 views

CVE-2019-15297

CVE-2019-15297 affects res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1. The vulnerability allows an attacker to trigger a crash by sending a declined stream in a T.38 re-invite response, caused by a NULL session media object dereference. The issue is reproduced as a re...

6.5CVSS6.1AI score0.0348EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2019/09/09 8:48 p.m.26 views

CVE-2019-15297

respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...

6.5AI score0.0348EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2019/09/09 8:48 p.m.39 views

CVE-2019-15297

respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...

6.5CVSS6.3AI score0.0348EPSS
Exploits0
Rows per page
Query Builder