4382 matches found
Starbucks: Dom Based Xss DIV.innerHTML parameters store.starbucks*
Hi! This subdomain store.starbucks is vulnerable to DOM based XSS. You are using the vulnerable library jQuery.V1101, parameters location.hash DIV.innerHTML. Vulnerable: all subdomains store.starbucks. It works in Chrome and IE 11, the current version. POC...
Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk
Cloud-based web host Wix.com is vulnerable to a DOM-based cross-site scripting vulnerability that can give attackers control over any of the millions of websites hosted on the platform. “Simply by adding a single parameter to any site created on Wix, the attacker can cause their JavaScript...
Rockstar Games: DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request
Hi, I have found a reflected XSS issue in http://www.rockstargames.com/newswire/tags which is, IMO, somewhat tricky. PoC: - URL: http://www.rockstargames.com/newswire/tags/?tags=%2e%2e%2e%2e%2e%2e\commentsdal\users\getGlobalLoginSettings%2ejson?callback=alert%2fxss%2f;%2f%2f - Vulnerable...
SecNews: DOM based XSS in search functionality
Overview === The search query is inserted into the HTML of the page without proper encoding. Specifically, a single quote is not HTML-encoded albeit escaped, even twice, which allows the attacker to break out of the HTML attribute and inject arbitrary tags. html curl -s...
Open-Xchange: OX Guard: DOM Based Cross-Site Scripting (#2)
Summary OX Guard's "Guest Reader" is vulnerable to DOM Based XSS. While this report is closely related to 158853, it is not a duplicate. I've had a look at the code introduced by commit 7fdbd307662f0041ed5e45b2f73c6530b79c6124, which I believe was supposed to protect against 158853. Today's repor...
AlienVault USM/OSSIM 5.2 Cross Site Scripting
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: AlienVault USM/OSSIM Vendor URL: www.alienvault.com Type: Cross-Site Scripting CWE-79 Date found: 2016-05-24 Date published: 2016-08-23 CVSSv3 Score: 5.4...
Open-Xchange: OX Guard: DOM Based Cross-Site Scripting
Summary OX Guard's "Guest Reader" is vulnerable to DOM Based XSS. The vulnerable parameter is "templid". The reader.js script (see below) takes the parameter's value and injects it into the page/DOM without encoding/sanitizing it first. PoC:...
Ubiquiti Inc.: [scores.ubnt.com] DOM based XSS at form.html
Hello, I would like to report that the 130889 bug hasn't been fixed completely. The removeTags function has been added; however, an attacker is still able to inject JavaScript as parameter values without any HTML tags:...
Informatica: [kb.informatica.com] Dom Based xss
Hi! I found DOM based XSS on this subdomain https://kb.informatica.com. JavaScript security is very important, even more so in portals where users store their personal data. Attackers can target those portals to find and exploit high-risk JavaScript vulnerabilities like DOM based XSS vulnerabilities...
VK.com: DOM XSS in /activation.php?act=activate_mobile
I was looking into the showOrderBox function in the API. There I saw "Test special offer. Test special offer for application developers." Clicking the "go to group" button took me to the page...
Important: Red Hat Security Advisory: python-django-horizon security update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Important: Red Hat Security Advisory: python-django-horizon security, bug fix, and enhancement update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
python-django-horizon: XSS in client side template
A DOM-based cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form (for example, using an image's description),...
Important: Red Hat Security Advisory: python-django-horizon security update
An update for python-django-horizon is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: python-django-horizon security and bug fix update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CVE-2016-4428
A DOM-based cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form (for example, using an image's description), triggering...
Citrix Netscaler 11.0 Build 64.35 Cross Site Scripting
PERSICON Security Advisory ======================================================================= Title: Login Form Hijacking vulnerability Product: Citrix Netscaler Vulnerable Version: 11.0 Build 64.35 Fixed Version: 11.0 Build 66.11 CVE-ID: CVE-2016-4945 Impact: medium found: 2015-04-07 by: Dr...
Uber: DOM based XSS on
Possible remote code execution via DOM based XSS vuln. jQuery param: var strliID = jQuery(location).attr('hash'); Target: logged-in admin. Go to URL https://drive.uber.com/melbourne/wp-admin/admin.php?page=Optionsgallerystyles" Solution: upgrade to the latest version of the gallery plugin. Your version: v1.9.55. Test my localhos...
Swagger Editor 2.9.9 Cross Site Scripting
Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Swagger Editor Vendor URL: https://github.com/swagger-api/swagger-editor Type: Cross-Site Scripting CWE-79 Date found:...