GHSA-97V6-998M-FP4G ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context

Summary The @apostrophecms/color-field module bypasses color validation for values prefixed with -- intended for CSS custom properties, but performs no HTML sanitization on these values. When styles containing attacker-controlled color values are rendered into tags — both in the global stylesheet...

SUSE CVE-2021-23996

By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox 88...

Google Chrome multiple vulnerabilities - July 10

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnjul10.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - July 10 Authors: Madhuri D Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVE-2010-2651

The Cascading Style Sheets CSS implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...