PT-2023-7653 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker can convince a victim to visit a URL referencing a vulnerable page,...

Improper Neutralization of Input in Advanced User Interface for Jolt

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...

GHSA-68PR-6FJC-WMGM Improper Neutralization of Input in Advanced User Interface for Jolt

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...

CVE-2023-49145

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...

Cross site scripting

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...

CVE-2023-49145 Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...

CVE-2023-49145

Apache NiFi

DOM-based XSS in comment when edit in a new tab

h3. Issue Summary DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker- controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval or innerHTML. This enables attackers to execute maliciously JavaScript, which...

MyBB < 1.8.37 Multiple XSS Vulnerabilities

MyBB is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb";...

CVE-2023-46251

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

Design/Logic Flaw

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

CVE-2023-46251 Visual editor persistent Cross-site Scripting (XSS) in MyBB

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

CVE-2023-46251 Visual editor persistent Cross-site Scripting (XSS) in MyBB

MyBB is a free and open source forum software. Custom MyCode BBCode for the visual editor SCEditor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as...

CVE-2023-46251

Summary: CVE-2023-46251 is a DOM-based XSS vulnerability in MyBB’s visual editor (SCEditor) caused by improper escaping of input in custom MyCode. This can be triggered when a victim loads a page with a pre-filled or crafted MyCode message (e.g., posts or private messages). The issue can affect p...

F5 Networks BIG-IP : BIG-IP TMUI vulnerability (K42526507)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K42526507 advisory. - On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before...

F5 Networks BIG-IP : TMUI XSS vulnerability (K24301698)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.3 / 15.1.3.1 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K24301698 advisory. - On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM...

SUSE CVE-2020-25715

A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting XSS attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity...

Cross Site Scripting (XSS)

librenms/librenms is vulnerable to DOM based Cross Site Scripting XSS. The vulnerability is caused by not sanitizing/escaping HTML special characters in a IPV6/IPV4 search field in includes/html/pages/search/ipv6.inc.php while searching for IPV4/IPv6 addresses. This can result in disclosure of th...

Store XSS in Survey menus

Description I noticed, your website is very secure. But you overlooked a flaw Store DOM XSS . Proof of Concept Detail: 1 .Login vs admin demo account and access Configuration 2 .Go to Survey menus == Survey menus entries 3 .Add new menu entry and insert payload in to GET data method...

Internet Bug Bounty: [CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

A DOM-based cross-site scripting vulnerability was discovered in rails-ujs, affecting versions 5.1.0 and above. By pasting malicious HTML content with specific attributes into a contenteditable element, an attacker could execute arbitrary JavaScript on the affected origin. The vulnerability has...