CVE-2024-51588

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in riponhossain Super Addons for Elementor super-addons-for-elementor allows DOM-Based XSS.This issue affects Super Addons for Elementor: from n/a through = 1.0...

CVE-2024-51592

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mystical Themes Meta Store Elements meta-store-elements allows DOM-Based XSS.This issue affects Meta Store Elements: from n/a through = 1.0.9...

CVE-2024-54360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in premila Gutensee gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through = 1.0.6...

CVE-2024-50468

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in faceleg Raptor Editor wp-raptor allows DOM-Based XSS.This issue affects Raptor Editor: from n/a through = 1.0.20...

CVE-2024-50469

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in brightvesseldev Textboxes textboxes allows DOM-Based XSS.This issue affects Textboxes: from n/a through = 0.1.3.1...

CVE-2024-54277

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alireza Aliniya Nias course nias-course allows DOM-Based XSS.This issue affects Nias course: from n/a through = 1.2.10...

CVE-2023-1517

Cross-site Scripting XSS - DOM in GitHub repository pimcore/pimcore prior to 10.5.19...

CVE-2023-0608

Cross-site Scripting XSS - DOM in GitHub repository microweber/microweber prior to 1.3.2...

CVE-2023-1882

Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-2317

DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...

CVE-2022-45020

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting XSS vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted GET request...

CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...

CVE-2022-29182

GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 inclusive are vulnerable to a Document Object Model DOM-based cross-site scripting attack via a pipeline run's Stage Details Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script tha...

CVE-2021-23027

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...

CVE-2021-40094

A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device...

CVE-2021-36760

In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code wi...

CVE-2025-48368 GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting XSS vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim'...

CVE-2025-48368 GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting XSS vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim'...

CVE-2020-7050

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...

CVE-2020-6845

An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack...