Siemens SCALANCE Improper Neutralization of Script-Related HTML Tags in a Web Page (CVE-2022-36325)
Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. This plugin only works with Tenable.ot. Please visit...
CVE-2022-41266
CVE-2022-41266 affects SAP Commerce Webservices 2.0 (Swagger UI) across versions 1905, 2005, 2105, 2011, 2205. The root cause is a lack of proper input validation, which allows malicious inputs to trigger a DOM XSS. Impact described in sources includes token theft and potential full account takeo...
Cross site scripting
teler is a real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard a...
CVE-2022-23466
Summary: CVE-2022-23466 affects the Kitabisa Teler real-time intrusion detection/dashboard. The vulnerability is a DOM-based cross-site scripting (XSS) in the dashboard where log data shown from the event stream (GET /events) is not sanitized. It impacts versions prior to 2.0.0-rc.4 and can affec...
CVE-2022-23466 DOM-based cross-site scripting (XSS) in teler dashboard
teler is a real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard a...
GHSA-XR7P-8Q82-878Q teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Description: teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard are not sanitized. Impact: This only affects authenticated...
PT-2022-16008 · Teler · Teler
Name of the Vulnerable Software and Affected Versions: teler versions prior to 2.0.0-rc.4. Description: The teler dashboard is vulnerable to DOM-based cross-site scripting (XSS) when it requests messages from the event stream on the "/events" endpoint, and the log data displayed on the dashboard are...
CVE-2022-45020
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request...
Cross site scripting
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request...
Rukovoditel Cross-Site Scripting Vulnerability
Rukovoditel is a set of web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A security vulnerability exists in Rukovoditel v3.2.1; the vulnerability stems from the inclusion of DOM-bas...
CVE-2022-45020
CVE-2022-45020 affects Rukovoditel v3.2.1 with a DOM-based XSS in the login component (/rukovoditel/index.php?module=users/login) that can trigger a Denial of Service via a crafted GET request. Affected software is Rukovoditel (v3.2.1); root cause is DOM-based XSS in the login endpoint; impact st...
New Vulnerability in Popular Widget Shows Risks of Third-Party Code
UPDATE: Snyk has recently addressed 2 additional vulnerabilities we have reported to them, CVE-2022-24441 and CVE-2022-22984, affecting versions of Snyk CLI before XXX, which leads to arbitrary code execution when scanning untrusted Maven or Gradle projects. Similar to CVE-2022-40764 these...
Uber: DOM based XSS via insecure parameter on [ https://uberpay-mock-psp.uber.com ]
Vulnerability description not provided...
SolarWinds Orion Platform < 2022.3 Multiple Vulnerabilities
The version of SolarWinds Orion Platform installed on the remote host is prior to 2022.3. It is, therefore, affected by multiple vulnerabilities as referenced in the solarwindsplatform20223 advisory. - A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated...
Cross site scripting
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product visit a specially crafted page...
CVE-2022-38975
EC-CUBE 4 series (versions 4.0.0–4.1.2) has a DOM-based cross-site scripting vulnerability (CWE-79) that can be triggered when an administrator visits a specially crafted page, allowing arbitrary script execution in the admin’s browser. The root cause is an unvalidated DOM path tied to admin-faci...
CVE-2022-38975
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product visit a specially crafted page...