4382 matches found

Cvelist
added 2021/05/19 1:11 p.m. · 28 views

CVE-2017-17678

BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility...

AI score 6 · EPSS 0.00845
Exploits 0 · References 4

CNNVD
added 2021/05/19 12:0 a.m. · 4 views

BMC Remedy Mid Tier 9.1SP3 cross-site scripting vulnerability

BMC Software BMC Remedy 9.1SP3 is an application from BMC Software, Inc. It provides off-the-shelf IT Information Library (ITIL) service support functionality. A cross-site scripting vulnerability exists in BMC Remedy Mid Tier 9.1SP3, which stems from a DOM-based cross-site scripting vulnerability...

CVSS 6.1 · AI score 5.9 · EPSS 0.00845
Exploits 0 · References 4

OpenVAS
added 2021/05/19 12:0 a.m. · 24 views

Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1910)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1 · AI score 7.2 · EPSS 0.01187
Exploits 1 · References 2

Tenable Nessus
added 2021/05/18 12:0 a.m. · 48 views

EulerOS 2.0 SP5 : pki-core (EulerOS-SA-2021-1910)

According to the versions of the pki-core packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject co...

CVSS 8.1 · AI score 6.8 · EPSS 0.01187
Exploits 1 · References 3

ATTACKERKB
added 2021/05/11 11:0 p.m. · 3 views

CVE-2021-28556

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is...

CVSS 6.9 · AI score 5.8 · EPSS 0.01397
Exploits 0 · References 2

CVE
added 2021/05/11 6:10 a.m. · 70 views

CVE-2021-32544

CVE-2021-32544 relates to Intelligent Global Technology Ltd. igt+ where the search function fails to filter special characters in certain fields, enabling remote authenticated attackers to inject malicious JavaScript and perform DOM-based XSS. The vulnerability is described as DOM-based XSS with ...

CVSS 5.4 · AI score 5.2 · EPSS 0.00586
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2021/05/11 12:0 a.m. · 4 views

PT-2021-3404 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier; Magento versions 2.4.1-p1 and earlier; Magento versions 2.3.6-p1 and earlier. Description: The issue is related to a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitati...

CVSS 6.9 · AI score 5.2 · EPSS 0.01397
Exploits 0 · References 10

OpenVAS
added 2021/05/03 12:0 a.m. · 31 views

Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1831)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1 · AI score 6.9 · EPSS 0.87218
Exploits 5 · References 2

NVD
added 2021/04/30 9:15 p.m. · 21 views

CVE-2021-21541

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser...

CVSS 6.1 · EPSS 0.00813
Exploits 0 · References 1

Prion
added 2021/04/30 9:15 p.m. · 16 views

Cross site scripting

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser...

CVSS 4.3 · AI score 6 · EPSS 0.00813
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2021/04/30 12:0 a.m. · 58 views

EulerOS 2.0 SP3 : pki-core (EulerOS-SA-2021-1831)

According to the versions of the pki-core packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate ov...

CVSS 8.1 · AI score 7.2 · EPSS 0.87218
Exploits 5 · References 8

Tenable Nessus
added 2021/04/23 12:0 a.m. · 210 views

Dell iDRAC Multiple Vulnerabilities (DSA-2021-073)

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple vulnerabilities: - A Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker may potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is...

CVSS 8.1 · AI score 6.2 · EPSS 0.01155
Exploits 0 · References 6

Amazon
added 2021/04/21 12:0 a.m. · 54 views

Important: pki-core

Issue Overview: A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...

CVSS 8.1 · AI score 6 · EPSS 0.01289
Exploits 1

OpenVAS
added 2021/04/16 12:0 a.m. · 22 views

Pi-hole Web Interface < 5.5 Stored DOM XSS Vulnerability

The Pi-hole Web Interface (previously AdminLTE) is prone to a stored DOM based cross-site scripting (XSS) vulnerability...

CVSS 8.8 · AI score 7.8 · EPSS 0.00668
Exploits 1 · References 2

Hacker One
added 2021/04/09 2:34 p.m. · 17 views

U.S. Dept Of Defense: DOM Based XSS on https://████ via backURL param

Description: The following endpoint suffers from DOM Based XSS https://████████/██████=javascript:alertdocument.domain The ████████ param determines the content which will be displayed on the "Back to Search Result" button, eventually leading to RXSS. References ██████ Regards nagli Impact...

AI score 0.4
Exploits 0

OSV
added 2021/03/31 6:15 p.m. · 3 views

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are no...

CVSS 8.8 · AI score 7.3 · EPSS 0.00921
Exploits 0 · References 1

NVD
added 2021/03/31 6:15 p.m. · 35 views

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are no...

CVSS 8.8 · EPSS 0.00921
Exploits 0 · References 1

Prion
added 2021/03/31 6:15 p.m. · 22 views

Design/Logic Flaw

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are no...

CVSS 6.8 · AI score 8.3 · EPSS 0.00921
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2021/03/31 5:45 p.m. · 38 views

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are no...

AI score 8.6 · EPSS 0.00921
Exploits 0 · References 1

CVE
added 2021/03/31 5:45 p.m. · 71 views

CVE-2021-22993

CVE-2021-22993 affects BIG-IP Advanced WAF and BIG-IP ASM. The vulnerability is a DOM-based XSS on the DoS Profile properties page in affected versions: 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3. The root cause is DOM-...

CVSS 8.8 · AI score 8.4 · EPSS 0.00921
Exploits 0 · References 1 · Affected Software 2