UBUNTU-CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

PT-2024-35061 · Unknown · Phil Spectrum Icon Widget

Name of the Vulnerable Software and Affected Versions: Phil Spectrum Icon Widget versions 1.1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potential attacker...

PT-2024-34924 · Unknown · Ultimate Accordion

Name of the Vulnerable Software and Affected Versions: Ultimate Accordion versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could potentially inject malicious scripts in...

PT-2024-34985 · Unknown · Moose Elementor Kit

Name of the Vulnerable Software and Affected Versions: Moose Elementor Kit versions 1.0.0 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This is a critical security...

CVE-2024-52352

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Andrew Milo Postcasa Shortcode allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through 1.0...

CVE-2024-51604

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Carlo Andro Mabugay Media Modal allows DOM-Based XSS.This issue affects Media Modal: from n/a through 1.0.2...

CVE-2024-51588

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themehat Super Addons for Elementor allows DOM-Based XSS.This issue affects Super Addons for Elementor: from n/a through 1.0...

CVE-2024-51675

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in aThemes aThemes Addons for Elementor allows DOM-Based XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.7...

PT-2024-34731 · Themehat · Themehat Super Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Themehat Super Addons for Elementor versions 1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for DOM-Based XSS in Themehat...

CVE-2024-49524

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

WordPress plugin Royal Elementor Addons and Templates 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-27883)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2024-36238

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

CVE-2024-36220

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

CVE-2024-36183

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

CVE-2024-5553

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Plugin Beaver Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-2430 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability that could allow an attacker to inject malicious scripts into a webpage. When a victim browses to the page...

CVE-2024-26467

A DOM based cross-site scripting XSS vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL...