4382 matches found
CVE-2021-42050
An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS...
Cross site scripting
An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS...
CVE-2021-42050
AbanteCart, prior to version 1.3.2, is affected by a DOM-based XSS vulnerability identified as CVE-2021-42050. The issue affects the e-commerce platform’s client-side handling that can be exploited to inject and execute arbitrary scripts in the context of a user’s browser. The available data conf...
AbanteCart Cross-Site Scripting Vulnerability
AbanteCart is a PHP-based e-commerce platform. AbanteCart 1.3.2 previously had a security vulnerability that could be exploited by attackers to conduct DOM-based XSS attacks...
CVE-2021-36760
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code wi...
Open redirect
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code wi...
CVE-2021-36760
WSO2 Identity Server 5.7.0 contains a DOM-Based XSS in accountrecoveryendpoint/recoverpassword.do that manipulates the callback parameter in the URL before the callback is invoked. This can lead to execution of injected JavaScript after the username/password reset flow completes. The same endpoin...
CVE-2021-40094
A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device...
Design/Logic Flaw
A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device...
CVE-2021-40094
SquaredUp for SCOM 5.2.1.6654 is affected by a DOM-based cross-site scripting vulnerability. The issue is described across multiple sources as a DOM-based XSS that could allow an attacker to inject malicious code into a user’s device if successfully exploited. The vulnerability is associated with...
WSO2 Identity Server Cross-Site Scripting Vulnerability
WSO2 Identity Server (IS) is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server, which stems from the fact that in WSO2 Identity Server 5.7.0, a DOM-based XSS attack can be executed that affects the callback parameter modifying the callback parameter before t...
NewStart CGSL CORE 5.04 / MAIN 5.04 : pki-core Multiple Vulnerabilities (NS-SA-2021-0102)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pki-core packages installed that are affected by multiple vulnerabilities: - A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not...
CVE-2021-26587
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software...
Cross site scripting
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software...