4382 matches found
Atlassian Jira 8.14.x < 8.15.1 Multiple Vulnerabilities (1/2)
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.12, 8.6.x < 8.13.4 or 8.14.x < 8.15.1. It is, therefore, affected by multiple vulnerabilities: - A DOM based Cross-Site Scripting (XSS) vulnerability caused by parameter...
FreeBSD : Gitlab -- Multiple Vulnerabilities (8ba8278d-db06-11eb-ba49-001b217b3468)
Gitlab reports : DoS using Webhook connections CSRF on GraphQL API allows executing mutations through GET requests Private projects information disclosure Denial of service of user profile page Single sign-on users not getting blocked Some users can push to Protected Branch with Deploy keys A...
CVE-2021-28556
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is...
Cross site scripting
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is...
CVE-2021-28556 Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is...
CVE-2021-28556
CVE-2021-28556 affects Magento Commerce/Open Source: Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier, and 2.3.6-p1 and earlier. The root cause is a DOM-based Cross-Site Scripting vulnerability in the mage-messages cookies, which could allow an unauthenticated attacker to achieve arbitrar...
Kimai v1.13 - (textarea) Cross Site Scripting Vulnerability
Document Title: Kimai v1.13 - (textarea) Cross Site Scripting Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2269. Release Date: 2021-06-22. Vulnerability Laboratory ID (VL-ID): ...
QNAP QTS XSS Vulnerability (QSA-21-22)
QNAP QTS is prone to a DOM-based cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/o:qnap:qts...
CVE-2021-28806
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions pri...
Design/Logic Flaw
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions pri...
CVE-2021-28806
CVE-2021-28806 is a DOM-based XSS affecting QNAP NAS UI components in QTS and QuTS hero. Affected: QTS before 4.5.3.1652 Build 20210428; QuTS hero before h4.5.2.1638 Build 20210414; QuTScloud before c4.5.5.1656 Build 20210503. Not affecting QTS 4.3.6/4.3.3. Root cause: DOM-based XSS in web interf...
CVE-2021-28806 DOM-Based XSS Vulnerability in QTS and QuTS hero
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions pri...
CVE-2020-25715
A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity...
CVE-2020-25715
CVE-2020-25715 affects pki-core 10.9.0 and is described across multiple Nessus/OpenVAS/OS advisories as a reflected DOM-based XSS in the search query form that can inject code, with data integrity as the stated highest impact. The linked documents confirm the vulnerability, listing CVE-2020-25715...
CVE-2020-25715
A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity...
Spotweb 1.4.9 - DOM Based Cross-Site Scripting Vulnerability
Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS) Exploit Author: @nu11secur1ty Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import time import os, sy...
Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS) Exploit Author: @nu11secur1ty Date: 05.20.2021 Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import...
Spotweb-Develop 1.4.9 Cross Site Scripting
Exploit Title: Cross Site Scripting DOM Based spotweb-develop 1.4.9 Author: @nu11secur1ty Testing and Debugging: nu11secur1ty $ OWASP-ZAP Date: 05.20.2021 Vendor: https://www.nzbserver.com/ Link: https://github.com/spotweb/spotweb CVE: 2021-XXXX Proof: https://streamable.com/hix5o1 + Exploit...
Cross site scripting
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility...
CVE-2017-17678
Affected product: BMC Remedy Mid Tier 9.1SP3. Vulnerability: DOM-based cross-site scripting (XSS) in a legacy utility within the web interface. Root cause: likely improper handling of user-controllable input in the legacy utility, enabling script execution in the browser context. Impact: cross-si...