HackerOne Disclosed Reports - 2026-01-14

Medium
resolved

Roundcube Webmail Style Sanitizer can be bypassed using CSS Character Escapes


Bug reported by SomeRandomDeveloper was disclosed at January 14, 2026, 1:05 pm   |   Information Disclosure

A vulnerability was discovered in the style sanitizer of Roundcube Webmail that allowed bypassing the sanitizer using CSS character escapes. This enabled the use of arbitrary inline CSS, such as the `url()` function, which could be used to retrieve the IP address and user agent of the person reading the email.


Medium
resolved

[revive-adserver] Reflected XSS in Banner Delivery Options via cap parameter


Bug reported by Patrick was disclosed at January 14, 2026, 10:51 am   |   Cross-site Scripting (XSS) - Reflected


Medium
resolved

Reflected XSS in banner-acl.php and channel-acl.php via executionorder


Bug reported by Patrick was disclosed at January 14, 2026, 10:51 am   |   Cross-site Scripting (XSS) - Reflected


Medium
resolved

Reflected XSS in afr.php


Bug reported by Huynh Pham Thanh Luc was disclosed at January 14, 2026, 10:50 am   |   Cross-site Scripting (XSS) - Reflected


High
resolved

Broken Access Control allows advertiser accounts to delete trackers they do not own


Bug reported by Jad Ghamloush was disclosed at January 14, 2026, 10:49 am   |   Improper Access Control - Generic


Low
resolved

INI Format string injection in Revive Adserver 6.0.4 settings


Bug reported by Faraz Ahmed was disclosed at January 14, 2026, 10:48 am   |   Use of Externally-Controlled Format String


Messages In This Thread
HackerOne disclosed reports - 2026-01-14 - by hashXploiter - 01-15-2026, 12:30 PM


