4382 matches found
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
Cross site scripting
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
ebankIT Cross-Site Scripting Vulnerability
ebankIT is a banking software from ebankIT Portugal. A cross-site scripting vulnerability exists in versions prior to ebankIT 7. The vulnerability stems from the presence of a cross-site scripting (XSS) vulnerability based on the Document Object Model...
CVE-2023-30454
CVE-2023-30454 affects ebankIT before version 7, with a DOM-based XSS at the endpoint /Security/Transactions/Transactions.aspx. An attacker can supply JavaScript in the POST parameter ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray, which is passed to an internal eval...
ebankIT 6 Cross Site Scripting
CVE-2023-30454 Description An issue was discovered in ebankIT before version 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the...
Debian: Security Advisory (DSA-5389-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
rukovoditel 3.2.1 - Cross-Site Scripting Vulnerability
Title: rukovoditel 3.2.1 - Cross-Site Scripting (XSS) Author: nu11secur1ty Vendor: https://www.rukovoditel.net/ Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel3.2.1.zip/download Reference:...
rukovoditel 3.2.1 Cross Site Scripting
Title: rukovoditel 3.2.1 - Cross-Site Scripting (XSS) Author: nu11secur1ty Date: 11.03.2022 Vendor: https://www.rukovoditel.net/ Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel3.2.1.zip/download Reference:...
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
Title: rukovoditel 3.2.1 - Cross-Site Scripting (XSS) Author: nu11secur1ty Date: 11.03.2022 Vendor: https://www.rukovoditel.net/ Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel3.2.1.zip/download Reference:...
Dom-based XSS in Website Settings module in Settings
Description pimcore is vulnerable to Dom-based XSS at Name field in Website Settings module in Settings. Payload " Proof of Concept 1. Go to https://11.x-dev.pimcore.fun/admin/ and login. 2. In the left menu bar, go to Settings - Website Settings and input any text into Key field and choose a Type,...
Stored XSS in front/dashboard_helpdesk.php
Description Under the super-admin view, when adding a card to a dashboard, some more parameters are sent when the POST request is made. Those parameters later constitute an HTML div section in the response body. It is possible to modify the request, inject one of those parameters value which will...
PT-2023-17047 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.19 Description: The issue is related to Cross-site Scripting (XSS) - DOM, which has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or...
K55237223: BIG-IP Advanced WAF and ASM XSS vulnerability CVE-2021-22993
Security Advisory Description DOM-based XSS on DoS Profile properties page. CVE-2021-22993 Impact An attacker can inject a malicious script into the BIG-IP Advanced WAF and ASM Configuration utility and trick users into executing malicious code. Security Advisory Status F5 Product Development has...
K25451853: TMUI XSS vulnerability CVE-2022-28716
Security Advisory Description A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-28716 Impact An attacker ma...
K24301698: TMUI XSS vulnerability CVE-2021-23027
Security Advisory Description A DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23027 Impact An attacker may exploit this...
K42526507: BIG-IP TMUI vulnerability CVE-2021-23041
Security Advisory Description A DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2021-23041 Impact An attacker may exploit this...
K29500533: TMUI XSS vulnerability CVE-2022-23013
Security Advisory Description A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-23013 Impact An attacker may exploit this...
SUSE CVE-2018-6076
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...
SUSE CVE-2019-3826
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
Stored DOM-based Cross-site Scripting in Tags Functionality
Description A stored, DOM-based cross-site scripting vulnerability exists in answer version 1.0.4 within the question tagging functionality. Steps Step 1. Log in. Step 2. Proceed to create a new question. Populate the Title and Body input. Step 3. Click on the Add tag button, shown in the followi...