CVE-2020-15952
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based...
Cross site scripting
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based...
CVE-2020-8348
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted URL is visited, possibly through phishing...
CVE-2020-8348
CVE-2020-8348 affects Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4. It is a DOM-based XSS that could allow code execution in an authenticated user’s browser session when a crafted URL is visited, possibly via phishing. The available documents explicitly describe the vulner...
GHSA-F8RQ-M28H-8HXJ Cross-Site Scripting in htmr
Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting (XSS). The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser. Recommendation...
Cross-Site Scripting in htmr
Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting (XSS). The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser. Recommendation...
Acronis: DOM based XSS in store.acronis.com/<id>/purl-corporate-standard-IT [cfg parameter]
Summary Hi Acronis team, I found a DOM based XSS in store.acronis.com; this vulnerability arises from a missing escape for the \ character. Steps To Reproduce 1. go to:...
EMC RSA Archer < 6.5.0.7, < 6.6.0.6 and < 6.7.0.2 Multiple Vulnerabilities
The version of EMC RSA Archer running on the remote web server is prior to 6.7.0.3 (6.7 P3) or 6.6 P6 (6.6.0.6). It is, therefore, affected by multiple vulnerabilities: - RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a Document Object Model (DOM) based cross-site scripting vulnerability. A remo...
CVE-2020-15119 DOM-based XSS in auth0-lock
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks...
DOM-based XSS
Overview Versions before and including 11.25.1 are using dangerouslySetInnerHTML to display an informational message when used with a Passwordless or Enterprise connection. For Passwordless connection, the value of the input email or phone number is displayed back to the user while waiting for...
DOM-based XSS in auth0-lock
Overview Versions before and including 11.25.1 are using dangerouslySetInnerHTML to display an informational message when used with a Passwordless or Enterprise connection. - For Passwordless connection, the value of the input email or phone number is displayed back to the user while waiting for...
GHSA-6GG3-PMM7-97XC DOM-based XSS in auth0-lock
Overview Versions before and including 11.25.1 are using dangerouslySetInnerHTML to display an informational message when used with a Passwordless or Enterprise connection. - For Passwordless connection, the value of the input email or phone number is displayed back to the user while waiting for...
Azbuka Vkusa: Open redirect (DOM-based) on av.ru via "return_url" parameter (Login form)
Closed...
CVE-2020-15139
In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...
Cross site scripting
In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...
CVE-2020-15139
In MyBB (pre-1.8.24), the custom MyCode (BBCode) for the visual editor does not escape input when rendering HTML, causing a DOM-based XSS. Exploitation involves a victim visiting a page with the visual editor active (e.g., a post or Private Message) containing malicious MyCode, potentially on con...