4382 matches found
CVE-2021-26587
The CVE-2021-26587 entry describes a DOM-based Cross Site Scripting vulnerability in HPE StoreOnce. The issue could be remotely exploited to cause an elevation of privilege with partial impact to confidentiality, availability, and integrity. HPE has provided a fix in HPE StoreOnce 4.3.0. The conn...
GHSA-QH7X-J4V8-QW5W Clipboard-based XSS
Impact XSS against the user. Details jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to innerHTML causing XSS. References The Curious...
Clipboard-based XSS
Impact XSS against the user. Details jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to innerHTML causing XSS. References The Curious...
CVE-2021-41086
jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting XSS attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting...
CVE-2021-41086
jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting XSS attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting...
Cross site scripting
jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting XSS attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting...
CVE-2021-41086
CVE-2021-41086 affects the jsuites project. The vulnerability is a DOM-based XSS triggered when clipboard content is pasted into an HTML editor, because part of the clipboard content is written directly to innerHTML. The attacker must entice the user to copy arbitrary content and paste it. Impact...
Cross-site Scripting (XSS) - DOM in zoujingli/thinkadmin
Description DOM based xss via url hash frgament Proof of Concept First login into https://v6.thinkadmin.top and then visit https://v6.thinkadmin.top/admin.htmlhttps://bbounty.000webhostapp.com/cors.php?id=xxxxx2 and see xss is executed Impact DOM based xss via url hash fragment...
Cross site scripting
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...
CVE-2021-23027
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...
CVE-2021-23027
CVE-2021-23027 affects BIG-IP TMUI: a DOM-based XSS in an undisclosed page of the Configuration utility allows an attacker to run JavaScript in the context of the logged-in user. Affected versions are 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3. Fixed in 16.0.1.2, 1...
Cross site scripting
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...
CVE-2021-23041
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...
CVE-2021-23041
CVE-2021-23041 is a DOM-based cross-site scripting (XSS) vulnerability in BIG-IP TMUI/Configuration utility. It affects BIG-IP versions: 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all 12.1.x. An authenticated user can submit malicious HTML/Ja...
CVE-2021-21577
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link...
CVE-2021-21576
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link...
Cross site scripting
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link...
Cross site scripting
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link...
CVE-2021-21576
Dell EMC iDRAC9 is affected by a DOM-based cross-site scripting (XSS) vulnerability in versions prior to 4.40.40.00. The issue enables an attacker to cause client-side code execution by persuading a user to click a specially crafted link, with user interaction required. The CVSS details indicate ...
CVE-2021-21576
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link...