2599 matches found
SecNews: DOM based XSS in search functionality
Overview === Search query is inserted into the HTML of the page without proper encoding. Specifically, a single-quote is not html-encoded albeit escaped, even twice, which allows the attacker to break out of the HTML attribute and inject arbitrary tags. html curl -s...
Open-Xchange: OX Guard: DOM Based Cross-Site Scripting (#2)
Summary OX Guard's "Guest Reader" is vulnerable to DOM Based XSS. While this report is closely related to 158853, it is not a duplicate. I've had a look at the code introduced by commit 7fdbd307662f0041ed5e45b2f73c6530b79c6124, which I believe was supposed to protect against 158853. Today's repor...
Informatica: [kb.informatica.com] Dom Based xss
Hi! I found Dom based xss on this subdomain https://kb.informatica.com javaScript security is very important, even more in portals where users store their personal data. Attackers can target those portals to find and exploit High-risk JavaScript vulnerabilities like Dom based xss vulnerabilities...
VK.com: DOM XSS в /activation.php?act=activate_mobile
Поинтересовался тут функцией showOrderBox в API. Увидел там "Тестовое спецпредложение. Тестовое спецпредложение для разработчиков приложений." При щелчке по кнопке "перейти в группу" попал на страницу...
Important: Red Hat Security Advisory: python-django-horizon security, bug fix, and enhancement update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
python-django-horizon: XSS in client side template
A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...
Uber: DOM based XSS on
Possible Remote code execution DOM based XSS Vuln Jquery param : var strliID=jQuerylocation.attr'hash'; Target: Logged admin Go url https://drive.uber.com/melbourne/wp-admin/admin.php?page=Optionsgallerystyles" Solution : Upgrade latest version gallery plugin Your version v1.9.55 Test my localhos...
Adobe Analytics AppMeasurement for Flash Library Patch
Adobe today patched a vulnerability in the Adobe Analytics AppMeasurement for Flash library, which can be added to Flash projects to measure the usage of Flash-based content. The vulnerability is a DOM-based cross-site scripting flaw that can be abused for cookie theft, said researcher Randy...
Uber: Dom Based Xss
Hi. found dom xss on this subdomain eng.uber.com. you are using a vulnerable plugin prettyPhoto.. This XSS will work in Firefox,Chrome - Google and IE last version ! And this is very dangerous! POC Firefox vector http://eng.uber.com/prettyPhotoi/x,/x POC Google and IE...
Fedora 23 : monitorix-3.8.1-1.fc23 (2015-b6b8582f4e)
This is a maintenance release that mainly fixes a Document Object Model DOM-based cross-site scripting XSS vulnerability in the monitorix.cgi file. Such vulnerability is by injection a JS code in the when parameter of the URL shown after generating the graphs. Additionally, a potential denial of...
Fedora 22 : monitorix-3.8.1-1.fc22 (2015-12813acfa3)
This is a maintenance release that mainly fixes a Document Object Model DOM-based cross-site scripting XSS vulnerability in the monitorix.cgi file. Such vulnerability is by injection a JS code in the when parameter of the URL shown after generating the graphs. Additionally, a potential denial of...
Veris: www.veris.in DOM based XSS
Hi, An attacked can execute arbitrary js at your main page https://www.veris.in/? vulnerable js source: https://www.veris.in/wp-content/plugins/UltimateVCAddons/assets/min-js/ultimate.min.js?ver=7e111f63322706ef9e00ec1e58f2edf4...
Drupal 8.0.x-dev Cross Site Scripting
DOM Based XSS with character on IE8 and older versions IMPORTANT: this issue has been cleared for public discussion and resolution by the Drupal Security Team based on the low evidence of vulnerable browsers still existing. Problem/Motivation filterxss does not filter out the accent grave...
Trello: DOM based XSS via Wistia embedding
Hi, You are using Wistia to embed video at trello.com. However external script from fast.wistia.com vulnerable to XSS and allows to run malicious javascript on your side. vulnerable code: fast.wistia.net/assets/external/E-v1.js I found that parameter wchannel can be controled to load js from...
YouYaX v5.85 /Tpl/mobile/home/mypub.html DOM Based XSS
No description provided by source...
LeaseWeb: DOM Based XSS in Checkout
Hey, This works in all browsers I suppose and regardless if the user is currently authenticated or not. Simply go over to : https://www.leaseweb.com/checkout-success/16893". Attached herewith is the screenshot. Thanks!...
X (Formerly Twitter): Multiple DOMXSS on Amplify Web Player
Hi, I would like to report multiple DOMXSS issues on https://amp.twimg.com/amplify-web-player/prod/source.html. Details: Please use latest IE to open all the PoCs because of CSP 1. $.get sink javascript define"data/playlist/withjsonloader", "require", "flight/lib/compose",...
ownCloud: owncloud.com: DOM Based XSS
Hello, there's DOM Based XSS In Main Page https://owncloud.com/"// Thanks...
The default WordPress Theme the presence of DOM XSS(cross-site scripting vulnerability affecting millions of users-vulnerability warning-the black bar safety net
! The use of the Genericons package of WordPress plugin or theme are likely to be affected by a DOM-basedXSSvulnerability, because of WordPress default theme Twenty Fifteen 及 知名 插件 Jetpack 都 包含 了 存在 漏洞 的 页面 example.html that affect millions of users. Vulnerability causes Any use of the genericons...
Java.com Cross Site Scripting
Exploit Title: Java.com RXSS and DOM-XSS Date: 01/04/2015 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.java.com Version: / Category: Reflected Cross Site Scripting and DOM based XSS Google dork: Tested on: Java.com main domain Java description :...