4382 matches found
CVE-2024-26465
CVE-2024-26465 concerns a DOM-based cross-site scripting (XSS) in the component /beep/Beep.Instrument.js of the Stewdio Beep.js project, prior to commit ef22ad7. The issue allows an attacker to execute arbitrary JavaScript by sending a crafted URL. The vulnerability is described across multiple so...
CVE-2024-26467
CVE-2024-26467 affects the tabatkins/railroad-diagrams project, specifically the generator.html component. A DOM-based cross-site scripting (XSS) flaw is present in versions before commit ea9a123, allowing an attacker to execute arbitrary JavaScript by sending a crafted URL. The issue is triggere...
PT-2024-21385 · Stewdio · Beep.Js
Name of the Vulnerable Software and Affected Versions: stewdio beep.js versions before commit ef22ad7 Description: A DOM based cross-site scripting XSS issue in the /beep/Beep.Instrument.js component allows attackers to execute arbitrary Javascript by sending a crafted URL. Recommendations: For...
CVE-2024-26466
A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2024-26467
A DOM based cross-site scripting XSS vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL...
Beep.js Security Vulnerability
Beep.js is a JavaScript toolkit by the individual developer Stewart Smith. It is used to build browser-based synthesizers. A security vulnerability exists in versions prior to Beep.js commit ef22ad7, which stems from the presence of a DOM-based cross-site scripting XSS vulnerability that allows a...
The web-platform-tests Project Security Vulnerabilities
The web-platform-tests Project is an open-source cross-browser test suite for the Web platform stack. A security vulnerability exists in versions of the web-platform-tests Project prior to commit 938e843, which stems from the presence of a DOM-based cross-site scripting XSS...
CVE-2024-26468
A DOM based cross-site scripting XSS vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2024-26466
A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2024-26467
A DOM based cross-site scripting XSS vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2024-26465
A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...
PT-2024-21387 · Tabatkins · Railroad-Diagrams
Name of the Vulnerable Software and Affected Versions: tabatkins/railroad-diagrams versions before commit ea9a123 Description: A DOM based cross-site scripting XSS vulnerability in the component generator.html of tabatkins/railroad-diagrams allows attackers to execute arbitrary Javascript via...
CVE-2024-26465
A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...
Beaver Builder < 2.7.4.3 - Reflected XSS
Description: The plugin is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully...
CVE-2024-22854
DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 bundle version 61050 and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an...
CVE-2024-22854
DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 bundle version 61050 and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an...
Design/Logic Flaw
DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 bundle version 61050 and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an...
CVE-2024-22854
Darktrace Threat Visualizer contains a DOM-based HTML injection in the main page for versions 6.1.27 and earlier. A crafted URL visited by an authenticated user can trigger an open redirect and potential credential theft via an injected HTML form. Affected component: Darktrace Threat Visualizer m...
CVE-2024-22854
DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 bundle version 61050 and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an...
PT-2024-19586 · Darktrace · Darktrace Threat Visualizer
Name of the Vulnerable Software and Affected Versions: Darktrace Threat Visualizer versions 6.1.27 and before Description: A DOM-based HTML injection vulnerability has been identified in the main page of Darktrace Threat Visualizer. This issue allows a remote attacker to craft a URL that, when...