4382 matches found
CVE-2024-41878
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires...
CVE-2024-41878 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires...
CVE-2024-41878
Affected product: Adobe Experience Manager (AEM) 6.5.19 and earlier. Vulnerability: DOM-based Cross-Site Scripting (XSS) that can allow arbitrary JavaScript execution in a user’s browser context when a user interacts with a malicious page/link. Root cause described as DOM-based XSS in AEM compone...
CVE-2024-41878 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2024-6533 Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options
Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...
CVE-2024-6533 Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options
Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...
PT-2024-9652 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This occurs when...
PT-2024-9547 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to insufficient protection of the web page structure when handling DOM elements, which could allow a remote attacker to execute arbitrary code. This is a...
GHSA-52FG-WJXM-PP44 Magento DOM-based Cross-Site Scripting (XSS) vulnerability
Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation o...
Magento DOM-based Cross-Site Scripting (XSS) vulnerability
Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation o...
CVE-2024-39400
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session...
CVE-2024-39400
Adobe Commerce (Magento) DOM-based XSS (CVE-2024-39400) affects versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The root cause is a DOM-based XSS lack of proper filtering/escaping of user-supplied data, allowing an admin attacker to inject and execute arbitrary JavaScript in the cont...
CVE-2024-39400 DOM XSS through integrations can impact other admins
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session...
PT-2024-28485 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability that could allow an admin attacker to inject and execute arbitrary JavaScript code within the context o...
CVE-2024-5668
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2024-5668
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2024-5668 Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
Cross-site Scripting (XSS)
github.com/alexxit/go2rtc is vulnerable to DOM-based cross-site scripting XSS. The vulnerability is due to the lack of input sanitization when appending API data using innerHTML in the index page index.html, allowing an attacker to execute malicious scripts in the context of the go2rtc instance's...
GHSA-RH4R-F7F7-R99M gotortc Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...