CVE-2022-23367
Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection...
CVE-2022-23367
CVE-2022-23367 affects Fulusso v1.1. The vulnerability is a DOM-based cross-site scripting (XSS) in the file path /BindAccount/SuccessTips.js, arising from how open redirection is handled. This allows an attacker to inject malicious code into a victim user’s device via an open redirect mechanism....
DOM-based cross-site scripting in Froala Editor
Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications. A DOM-based cross-site scripting (XSS) vulnerability exists in versions before 3.2.3 because HTML code in the editor is not correctly sanitized whe...
CVE-2022-23013
On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...
Cross site scripting
On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...
CVE-2022-23013
CVE-2022-23013 is a DOM-based XSS vulnerability in the BIG-IP Configuration utility affecting BIG-IP DNS & GTM. Affected: 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all 13.1.x/12.1.x/11.6.x. Exploitation would run JavaScript in the user’s context. Remediation per F5: fi...
JetBlue: Dom-Based XSS on parameter ?vsid=
Researcher found a DOM XSS vulnerability in one of the JetBlue applications using the vsid parameter. The researcher used the below payload to trigger XSS: ';alert1;//...
CVE-2021-42357 DOM based XSS Vulnerability in Apache Knox
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be...
Cross-site Scripting (XSS) - DOM in mrdoob/three.js
Description: DOM-based XSS is a vulnerability in which the attacker can inject arbitrary JavaScript code into any DOM sink that supports dynamic code execution. In our case, the source is window.location.hash and the sink is iframe.src. Proof of Concept: 1. Visit...
Cross-site Scripting (XSS) - DOM in karma-runner/karma
Description: DOM-based XSS is a vulnerability in which the attacker can inject arbitrary JavaScript code into any DOM sink that supports dynamic code execution. In our case, the source is the query parameter returnurl and the sink is location.href. Proof of Concept: 1. Start karma server and visit the following...
CVE-2020-27428
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...
Cross site scripting
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...
CVE-2020-27428
CVE-2020-27428 affects the Scratch-Svg-Renderer library (v0.2.0). The vulnerability is described as a DOM-based cross-site scripting (XSS) issue that allows an attacker to execute arbitrary web scripts or HTML through a crafted sb3 file. The cited impact indicates possible code execution in the c...
CMSimple 5.4 Cross Site Scripting
Exploit Title: CMSimple 5.4 - Cross Site Scripting (XSS) Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode '-alert1// When the victim...
CMSimple 5.4 - Cross Site Scripting Vulnerability
Exploit Title: CMSimple 5.4 - Cross Site Scripting (XSS) Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the delete button, an...
CMSimple 5.4 - Cross Site Scripting (XSS)
Exploit Title: CMSimple 5.4 - Cross Site Scripting (XSS) Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the...
AbanteCart Cross-Site Scripting Vulnerability (CNVD-2021-102795)
AbanteCart is a PHP-based e-commerce platform. AbanteCart versions before 1.3.2 have a security vulnerability that attackers could exploit to conduct DOM-based XSS attacks...
CVE-2021-42050
An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS...