15 matches found
CVE-2026-55890 Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style()
Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...
CVE-2026-55890
Grav CVE-2026-55890 concerns stored CSS injection via Markdown image style parameters that reach MediaObjectTrait::style(). The incomplete patch from GHSA-r7fx-8g49-7hhr fixed attribute() (denying dangerous attribute names) but leaves the sibling style() sink unmitigated, allowing editor-supplied...
CVE-2026-55890 Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style()
Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...
Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style() — incomplete patch of GHSA-r7fx-8g49-7hhr
Summary The fix for GHSA-r7fx-8g49-7hhr / CVE-2026-42841 Stored XSS via Markdown media attribute action is incomplete. The maintainer patched MediaObjectTrait::attribute to deny dangerous attribute names event handlers, style, xmlns, srcdoc, formaction but the sibling MediaObjectTrait::style meth...
Fedora 43 : cef (2025-604e02ca72)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-604e02ca72 advisory. Update to 142.0.7444.162 High CVE-2025-12725: Out of bounds write in WebGPU High CVE-2025-12726: Inappropriate implementation in Views High...
EUVD-2025-50801
Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...
CVE-2025-12430
CVE-2025-12430 affects Google Chrome/Chromium where an object lifecycle issue in Media could enable UI spoofing via a crafted HTML page in versions prior to 142.0.7444.59. Connected advisories show updated Chromium/CEF packages: Fedora updates reference chromium/cef builds reaching 142.0.7444.162...
Linux Distros Unpatched Vulnerability : CVE-2025-12430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium...
GSD-2021-1000372 media: [next] staging: media: atomisp: fix memory leak of object flash
media: next staging: media: atomisp: fix memory leak of object flash This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...
ALPINE-CVE-2019-15297
respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...
Session fixation
respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...
UBUNTU-CVE-2019-15297
respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...
CVE-2019-15297
CVE-2019-15297 affects res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1. The vulnerability allows an attacker to trigger a crash by sending a declined stream in a T.38 re-invite response, caused by a NULL session media object dereference. The issue is reproduced as a re...
CVE-2019-15297
respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...
CVE-2019-15297
respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...