4382 matches found

Positive Technologies
added 2024/03/12 12:0 a.m. · 4 views

PT-2024-2936 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier

Description: The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable web pages. When...

5.5 CVSS · 6.1 AI score · 0.00459 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/03/12 12:0 a.m. · 3 views

PT-2024-2430 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier

Description: The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to inject malicious scripts into a webpage. When a victim browses to the page...

5.4 CVSS · 6.3 AI score · 0.0054 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2024/03/12 12:0 a.m. · 93 views

Adobe Experience Manager 6.5.0.0 < 6.5.20.0 Multiple Vulnerabilities (APSB24-05)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5.20.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-05 advisory. - Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS)...

5.4 CVSS · 6.6 AI score · 0.00644 EPSS
Exploits: 0 · References: 49

NVD
added 2024/03/09 7:15 a.m. · 10 views

CVE-2024-28089

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity who has access to the router admin panel to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.htmladvancedlocation aka the Device Location page...

5.2 CVSS · 6 AI score · 0.00664 EPSS
Exploits: 0 · References: 3

Prion
added 2024/03/09 7:15 a.m. · 17 views

Design/Logic Flaw

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity who has access to the router admin panel to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.htmladvancedlocation aka the Device Location page...

6.1 AI score · 0.00664 EPSS
Exploits: 0 · References: 3

Cvelist
added 2024/03/09 12:0 a.m. · 21 views

CVE-2024-28089

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity who has access to the router admin panel to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.htmladvancedlocation aka the Device Location page...

6 AI score · 0.00664 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/03/09 12:0 a.m. · 19 views

CVE-2024-28089

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity who has access to the router admin panel to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.htmladvancedlocation aka the Device Location page...

6.2 AI score · 0.00664 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2024/03/08 12:0 a.m. · 5 views

PT-2024-22257 · Hitron · Hitron Coda-4582

Name of the Vulnerable Software and Affected Versions: Hitron CODA-4582 2AHKM-CODA4589 version 7.2.4.5.1b8

Description: The issue allows a remote attacker within Wi-Fi proximity, who has access to the router admin panel, to conduct a DOM-based stored XSS attack. This attack can fetch remote...

5.2 CVSS · 6.1 AI score · 0.00664 EPSS
Exploits: 0 · References: 7

OSV
added 2024/03/06 11:2 a.m. · 23 views

BIT-MAGENTO-2020-9691

Magento versions 2.3.5 and earlier, and 2.3.5 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution...

9.6 CVSS · 7.5 AI score · 0.06018 EPSS
Exploits: 0 · References: 2

OSV
added 2024/03/06 11:0 a.m. · 17 views

BIT-MYBB-2020-15139

In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...

7 AI score
Exploits: 0 · References: 3

OSV
added 2024/03/06 10:59 a.m. · 16 views

BIT-MAGENTO-2021-28556 Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution

Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is required fo...

6.9 CVSS · 6.2 AI score · 0.01397 EPSS
Exploits: 0 · References: 2

OSV
added 2024/03/06 10:56 a.m. · 19 views

BIT-MYBB-2023-46251

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

7.5 CVSS · 6.6 AI score · 0.00471 EPSS
Exploits: 0 · References: 3

OSV
added 2024/03/06 10:50 a.m. · 24 views

BIT-ABANTECART-2021-42050

An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS...

6.1 CVSS · 6.2 AI score · 0.00924 EPSS
Exploits: 2 · References: 2

OpenVAS
added 2024/03/04 12:0 a.m. · 27 views

openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3813-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3 CVSS · 6.5 AI score · 0.00632 EPSS
Exploits: 0 · References: 2

OSV
added 2024/02/26 4:27 p.m. · 5 views

CVE-2024-26467

A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary JavaScript via sending a crafted URL...

6.1 CVSS · 5.9 AI score · 0.00429 EPSS
Exploits: 0 · References: 1

NVD
added 2024/02/26 4:27 p.m. · 9 views

CVE-2024-26467

A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary JavaScript via sending a crafted URL...

6.1 CVSS · 5.8 AI score · 0.00429 EPSS
Exploits: 0 · References: 1

Prion
added 2024/02/26 4:27 p.m. · 13 views

Cross site scripting

A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary JavaScript via sending a crafted URL...

6.2 AI score · 0.00429 EPSS
Exploits: 0 · References: 1

Prion
added 2024/02/26 4:27 p.m. · 14 views

Cross site scripting

A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary JavaScript via sending a crafted URL...

6.2 AI score · 0.00425 EPSS
Exploits: 0 · References: 1

Prion
added 2024/02/26 4:27 p.m. · 19 views

Cross site scripting

A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary JavaScript via sending a crafted URL...

6.2 AI score · 0.00429 EPSS
Exploits: 0 · References: 1

Prion
added 2024/02/26 4:27 p.m. · 14 views

Cross site scripting

A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary JavaScript via sending a crafted URL...

6.2 AI score · 0.00429 EPSS
Exploits: 0 · References: 1