4382 matches found
Cross site scripting
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM...
CVE-2022-28716
CVE-2022-28716 is a DOM-based XSS in BIG-IP TMUI affecting AFM, CGNAT and PEM Configuration utilities. Affected versions: 16.1.x before 16.1.2.2; 15.1.x before 15.1.5.1; 14.1.x before 14.1.4.6; 13.1.x before 13.1.5; 12.1.x and 11.6.x. Fixes are: 16.1.2.2; 15.1.5.1; 14.1.4.6; 13.1.5. For 12.x and ...
CVE-2022-28716
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM...
F5 Networks BIG-IP : TMUI XSS vulnerability (K25451853)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K25451853 advisory. - On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...
CVE-2021-31673
A DOM-based cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...
CVE-2021-31673
CVE-2021-31673 describes a DOM-based cross-site scripting (XSS) vulnerability in Cyclos 4 PRO (web app) affecting version 4.14.7 and earlier. The flaw allows remote attackers to inject arbitrary script or HTML through the groupId parameter during user registration. The affected component is Cyclo...
CVE-2022-26263
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp...
Cross site scripting
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp...
CVE-2022-26263
CVE-2022-26263 — Yonyou U8 13.0 suffers a DOM-based cross-site scripting (XSS) vulnerability in the component /u8sl/WebHelp. The nuclei template confirms an attack where an attacker can inject arbitrary script in a victim’s browser context, potentially stealing cookie-based authentication credent...
EUVD-2022-30825
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp...
OneWeb: Cross-site scripting (DOM-based)
Issue detail: The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to $. The exploitability of this issue might depend on the specific version of jQuery that is being used. Issue background: DOM-based vulnerabilities arise when a...
CVE-2022-25069
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js...
CVE-2022-25069
Mark Text v0.16.3 contains a DOM-based XSS vulnerability in /lib/contentState/pasteCtrl.js that can lead to remote code execution (RCE). Root cause: DOM-based XSS in pasteCtrl.js allows crafted payloads to be executed. Impact: high/critical (CVSS3.1 base score 9.6) with network access and user in...
CVE-2022-23367
Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection...