Lucene search
+L

2599 matches found

Hacker One
Hacker One
added 2016/09/13 10:48 p.m.39 views

SecNews: DOM based XSS in search functionality

Overview === Search query is inserted into the HTML of the page without proper encoding. Specifically, a single-quote is not html-encoded albeit escaped, even twice, which allows the attacker to break out of the HTML attribute and inject arbitrary tags. html curl -s...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2016/08/31 7:8 p.m.32 views

Open-Xchange: OX Guard: DOM Based Cross-Site Scripting (#2)

Summary OX Guard's "Guest Reader" is vulnerable to DOM Based XSS. While this report is closely related to 158853, it is not a duplicate. I've had a look at the code introduced by commit 7fdbd307662f0041ed5e45b2f73c6530b79c6124, which I believe was supposed to protect against 158853. Today's repor...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/08/02 8:4 p.m.28 views

Informatica: [kb.informatica.com] Dom Based xss

Hi! I found Dom based xss on this subdomain https://kb.informatica.com javaScript security is very important, even more in portals where users store their personal data. Attackers can target those portals to find and exploit High-risk JavaScript vulnerabilities like Dom based xss vulnerabilities...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2016/06/24 4:12 a.m.50 views

VK.com: DOM XSS в /activation.php?act=activate_mobile

Поинтересовался тут функцией showOrderBox в API. Увидел там "Тестовое спецпредложение. Тестовое спецпредложение для разработчиков приложений." При щелчке по кнопке "перейти в группу" попал на страницу...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/06/21 10:39 p.m.26 views

Important: Red Hat Security Advisory: python-django-horizon security, bug fix, and enhancement update

An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

5.4CVSS6.4AI score0.02068EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/06/21 10:23 p.m.8 views

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...

5.4CVSS5.6AI score0.02068EPSS
Exploits0References4
Hacker One
Hacker One
added 2016/05/19 9:27 p.m.107 views

Uber: DOM based XSS on

Possible Remote code execution DOM based XSS Vuln Jquery param : var strliID=jQuerylocation.attr'hash'; Target: Logged admin Go url https://drive.uber.com/melbourne/wp-admin/admin.php?page=Optionsgallerystyles" Solution : Upgrade latest version gallery plugin Your version v1.9.55 Test my localhos...

1.5AI score
Exploits0
ThreatPost
ThreatPost
added 2016/04/21 1:8 p.m.23 views

Adobe Analytics AppMeasurement for Flash Library Patch

Adobe today patched a vulnerability in the Adobe Analytics AppMeasurement for Flash library, which can be added to Flash projects to measure the usage of Flash-based content. The vulnerability is a DOM-based cross-site scripting flaw that can be abused for cookie theft, said researcher Randy...

4.3CVSS0.01588EPSS
Exploits0References4
Hacker One
Hacker One
added 2016/03/23 7:14 p.m.48 views

Uber: Dom Based Xss

Hi. found dom xss on this subdomain eng.uber.com. you are using a vulnerable plugin prettyPhoto.. This XSS will work in Firefox,Chrome - Google and IE last version ! And this is very dangerous! POC Firefox vector http://eng.uber.com/prettyPhotoi/x,/x POC Google and IE...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.10 views

Fedora 23 : monitorix-3.8.1-1.fc23 (2015-b6b8582f4e)

This is a maintenance release that mainly fixes a Document Object Model DOM-based cross-site scripting XSS vulnerability in the monitorix.cgi file. Such vulnerability is by injection a JS code in the when parameter of the URL shown after generating the graphs. Additionally, a potential denial of...

5.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.20 views

Fedora 22 : monitorix-3.8.1-1.fc22 (2015-12813acfa3)

This is a maintenance release that mainly fixes a Document Object Model DOM-based cross-site scripting XSS vulnerability in the monitorix.cgi file. Such vulnerability is by injection a JS code in the when parameter of the URL shown after generating the graphs. Additionally, a potential denial of...

5.3AI score
Exploits0References2
Hacker One
Hacker One
added 2016/02/29 1:44 p.m.23 views

Veris: www.veris.in DOM based XSS

Hi, An attacked can execute arbitrary js at your main page https://www.veris.in/? vulnerable js source: https://www.veris.in/wp-content/plugins/UltimateVCAddons/assets/min-js/ultimate.min.js?ver=7e111f63322706ef9e00ec1e58f2edf4...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2016/02/20 12:0 a.m.52 views

Drupal 8.0.x-dev Cross Site Scripting

DOM Based XSS with character on IE8 and older versions IMPORTANT: this issue has been cleared for public discussion and resolution by the Drupal Security Team based on the low evidence of vulnerable browsers still existing. Problem/Motivation filterxss does not filter out the accent grave...

Exploits0
Hacker One
Hacker One
added 2016/01/18 5:46 p.m.165 views

Trello: DOM based XSS via Wistia embedding

Hi, You are using Wistia to embed video at trello.com. However external script from fast.wistia.com vulnerable to XSS and allows to run malicious javascript on your side. vulnerable code: fast.wistia.net/assets/external/E-v1.js I found that parameter wchannel can be controled to load js from...

6.3AI score
Exploits0
seebug.org
seebug.org
added 2016/01/15 12:0 a.m.19 views

YouYaX v5.85 /Tpl/mobile/home/mypub.html DOM Based XSS

No description provided by source...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2015/12/17 12:10 a.m.19 views

LeaseWeb: DOM Based XSS in Checkout

Hey, This works in all browsers I suppose and regardless if the user is currently authenticated or not. Simply go over to : https://www.leaseweb.com/checkout-success/16893". Attached herewith is the screenshot. Thanks!...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2015/09/13 1:8 p.m.38 views

X (Formerly Twitter): Multiple DOMXSS on Amplify Web Player

Hi, I would like to report multiple DOMXSS issues on https://amp.twimg.com/amplify-web-player/prod/source.html. Details: Please use latest IE to open all the PoCs because of CSP 1. $.get sink javascript define"data/playlist/withjsonloader", "require", "flight/lib/compose",...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2015/08/18 6:34 p.m.16 views

ownCloud: owncloud.com: DOM Based XSS

Hello, there's DOM Based XSS In Main Page https://owncloud.com/"// Thanks...

6.2AI score
Exploits0
myhack58
myhack58
added 2015/05/08 12:0 a.m.20 views

The default WordPress Theme the presence of DOM XSS(cross-site scripting vulnerability affecting millions of users-vulnerability warning-the black bar safety net

! The use of the Genericons package of WordPress plugin or theme are likely to be affected by a DOM-basedXSSvulnerability, because of WordPress default theme Twenty Fifteen 及 知名 插件 Jetpack 都 包含 了 存在 漏洞 的 页面 example.html that affect millions of users. Vulnerability causes Any use of the genericons...

6.3AI score
Exploits0
Packet Storm
Packet Storm
added 2015/04/01 12:0 a.m.40 views

Java.com Cross Site Scripting

Exploit Title: Java.com RXSS and DOM-XSS Date: 01/04/2015 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.java.com Version: / Category: Reflected Cross Site Scripting and DOM based XSS Google dork: Tested on: Java.com main domain Java description :...

0.1AI score
Exploits0
Rows per page
Query Builder