PT-2021-3404 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier; Magento versions 2.4.1-p1 and earlier; Magento versions 2.3.6-p1 and earlier. Description: The issue is related to a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitati...
pki-core: XSS in the certificate search results
A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form, which can get automatically executed. The highest threat from this vulnerability is to data integrity...
XSS_Bypass_Payload
It is an offensive tool for XSS. The repository contains a collection of XSS bypass payloads, which are used to exploit vulnerabilities in web applications to inject malicious code. The payloads are designed to bypass various security measures, such as Content Security Policy (CSP) and XSS filters...
GHSA-F8RQ-M28H-8HXJ Cross-Site Scripting in htmr
Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting (XSS). The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser. Recommendation...
GHSA-536Q-8GXX-M782 Cross-Site Scripting in dojo
Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation: Upgrade to version 1.4.2 o...
Multiple vulnerabilities in Access analysis CGI An-Analyzer
Overview: Access analysis CGI An-Analyzer provided by ANGLERSNET Co., Ltd. contains multiple vulnerabilities listed below. OS command injection in the Management Page (CWE-78) - CVE-2019-5987; Stored cross-site scripting in the Management Page (CWE-79) - CVE-2019-5988; DOM-based cross-site scripting in t...
DOM-type cross-site scripting vulnerabilities in the front-end of Xingyunhai CMS (XYHcms)
Xingyunhai CMS (XYHcms) is a completely open source content management system (CMS). The XYHcms front-end has DOM-type cross-site scripting vulnerabilities. Attackers can use the vulnerability to insert JS code in the packet to obtain user cookies and other information...
CVE-2017-3152
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...
CVE-2017-2929
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...