Mac OS X Local Javascript Quarantine Bypass
Advisory ID: SGMA17-002 Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor notification: 2017-07-27 Vendor fix:...
Mac OS X Local Javascript Quarantine Bypass youtube Vulnerability
Exploit for macOS platform in category local exploits Details Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions. Basically, Apple's Quarantine works by setting an extended attribute to downloaded...
CVE-2017-12254
A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server...
CVE-2017-12254
CVE-2017-12254 affects Cisco Unified Intelligence Center web interface. Root cause: insufficient input validation of parameters passed to the web server, enabling a DOM-based cross-site scripting attack by unauthenticated remote attackers (via malicious link or intercepted request). Impact descri...
JGI CMS 1.0 Cross Site Scripting
Title: ======= JGI CMS - DOM-Based Cross Site Scripting Introduction: ============== A content management system (CMS) is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative environment. CMS...
Cross site scripting
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based (environment or client-side) cross-site scripting (XSS) attack. The vulnerability occurs because...
CVE-2017-6789
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based (environment or client-side) cross-site scripting (XSS) attack. The vulnerability occurs because...
CVE-2017-6789
CVE-2017-6789 affects Cisco Unified Intelligence Center (CUIC). The vulnerability is a DOM-based, environment or client-side XSS resulting from unvalidated user-supplied data in the DOM input, exploitable by sending crafted URLs to the affected system. A successful exploit could allow an unauthen...
Razer US: Unauthenticated DOM-based XSS in zvault.razerzone.com via the redir parameter.
Summary --- zvault.razerzone.com is vulnerable to DOM-based XSS via the redir parameter. F219081 F219082 Affected Code --- js var redirectUrl = getUrlParameter('redir'); if (isCrossOriginFrame()) window.location.href = redirectUrl; else window.parent.location.href = redirectUrl; Browsers Verified In --...
Razer US: Unauthenticated DOM-based XSS in pay.zvault.razerzone.com via the redir parameter.
Summary --- pay.zvault.razerzone.com is vulnerable to DOM-based XSS via the redir parameter. F219069 F219070 Affected Code --- js var redirectUrl = getUrlParameter('redir') // window.location.href; //alert(redirectUrl); if (isCrossOriginFrame()) window.location.href = redirectUrl; else...
Razer US: Authenticated DOM-based XSS in deals.razerzone.com via the rurl parameter.
The tester discovered the deals.razerzone.com website was vulnerable to open redirect via the rurl parameter (e.g. https://deals.razerzone.com/user/ssologin?rurl=) and that the parameter was also vulnerable to DOM-based XSS. Also, the initial fix for this was a little too specific and edio was able to...
Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based (environment or client-side) cross-site scripting (XSS) attack. The vulnerability occurs because...
Stored Cross-Site Scripting (XSS)
anchorcms/anchor-cms is susceptible to a stored cross-site scripting (XSS) vulnerability. The vulnerability exists because user input to fields in the admin panel is not properly escaped. Note: the fix introduced cannot prevent DOM-based XSS...
CVE-2017-3152
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...
CVE-2017-13138
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...
Cross site scripting
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...
Rockstar Games: dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass)
The researcher was able to bypass a previous fix for a DOM-Based XSS vulnerability 254343 by hashing part of the payload. This showed that our previous fix was insufficient, so we updated it to a more thorough solution...
Rockstar Games: dom based xss in https://www.rockstargames.com/GTAOnline/
In this report, the researcher found a DOM-Based XSS Vulnerability and was able to demonstrate an exploit that exposed cookie values. New 404 page handling code resulted in a fix for the issue...
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor...
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass
Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor notification: 2017-07-15 Vendor fix: 2017-09-25 Public...