
737 matches found

NVD
added 2026/04/24 3:16 a.m., 0 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1 CVSS, 0.00011 EPSS
Exploits: 0, References: 2
OSV
added 2026/04/24 3:16 a.m., 2 views

UBUNTU-CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/04/24 2:27 a.m., 25 views

CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1 CVSS, 0.00011 EPSS
Exploits: 0, References: 2
Debian CVE
added 2026/04/24 2:27 a.m., 3 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1 CVSS, 5.3 AI score, 0.00011 EPSS
Exploits: 0
CVE
added 2026/04/24 2:27 a.m., 31 views

CVE-2026-41305

PostCSS (driver: CSS AST stringify) has an XSS risk in versions prior to 8.5.10 due to unescaped sequences when embedding user CSS into HTML tags. The issue arises when CSS is parsed into an AST and then re-stringified for embedding. Version 8.5.10 fixes the problem. Affected products: PostCSS;...

6.1 CVSS, 5.7 AI score, 0.00011 EPSS
Exploits: 0, References: 2
EUVD
added 2026/04/24 2:27 a.m., 2 views

EUVD-2026-25383

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1 CVSS, 5.2 AI score, 0.00011 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/04/24 2:27 a.m., 1 views

CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1 CVSS, 5.2 AI score, 0.00011 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/04/24 12:0 a.m., 6 views

PostCSS Cross-Site Scripting Vulnerability

PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS prior to 8.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of the sequence during CSS stringification using the CSS AST. As a result, when the...

6.1 CVSS, 5.7 AI score, 0.00011 EPSS
Exploits: 0, References: 2
UbuntuCve
added 2026/04/24 12:0 a.m., 2 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/18 1:4 p.m., 0 views

MAL-2026-1822 Malicious code in postcss-hotfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5b4d8ad8f9c133d2d8680b4d666d442b455bbd1579dea5cd5582a883fc4f0b5 The package postcss-hotfix was found to contain malicious code...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/18 1:4 p.m., 2 views

Malicious code in postcss-hotfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5b4d8ad8f9c133d2d8680b4d666d442b455bbd1579dea5cd5582a883fc4f0b5 The package postcss-hotfix was found to contain malicious code...

5.8 AI score
Exploits: 0
vulnersOsv
added 2026/03/04 10:59 p.m., 2 views

org.webjars.npm:cssnano (=5.1.14), org.webjars.npm:cssnano-preset-default (=5.2.13) +2 more potentially affected by CVE-2026-29074 via org.webjars.npm:svgo (=2.8.0)

org.webjars.npm:svgo MAVEN version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:svgo and may be impacted: - org.webjars.npm:cssnano =5.1.14 - org.webjars.npm:cssnano-preset-default =5.2.13 - org.webjars.npm:esbuild-plugin-svg...

7.5 CVSS, 7.1 AI score, 0.00085 EPSS
Exploits: 1
IBM Security Bulletins
added 2025/12/17 10:29 a.m., 9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Improper Input Validation due to postcss

Summary postcss is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepa...

5.3 CVSS, 6.5 AI score, 0.00166 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/12/12 3:25 p.m., 8 views

Security Bulletin: Vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie. Vulnerabilities include an attacker is able to brute force something that was supposed to be random, ...

9.8 CVSS, 7.5 AI score, 0.06248 EPSS
Exploits: 6, Affected Software: 1
EUVD
added 2025/11/13 3:23 a.m., 1 views

EUVD-2025-177799

Malicious code in miranda-postcss-blitz-module npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m., 1 views

EUVD-2025-177092

Malicious code in postcss-loader-prosthetics-loopback-javascript npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m., 1 views

EUVD-2025-177090

Malicious code in postcss-mongodb-astrometry-eslint-config npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m., 0 views

EUVD-2025-178873

Malicious code in forever-cygnus-postcss-jwt npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m., 1 views

EUVD-2025-180182

Malicious code in await-supercluster-prosthetics-postcss-loader npm...

6.6 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in miranda-postcss-blitz-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea79ab04fc3a6ac4cbf5514fff31c3ed5fba441933ff5d9a861ea695d6fed4eb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0