4382 matches found
CVE-2020-15139 XSS in MyBB
In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...
PT-2020-14219 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.24 Description: The issue arises from improper input escaping in the custom MyCode for the visual editor, leading to a DOM-based XSS vulnerability. This can be exploited by directing a victim to a page with the visu...
BugPoC: DOM based Cross-site Scripting
Summary: The postMessage API is an alternative to JSONP, XHR with CORS headers and other methods enabling sending data between origins. It was introduced with HTML5 and like many other cross-document features it can be a source of client-side vulnerabilities. Steps To Reproduce: Visit -...
Automattic: [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS
Hello, I have found a clickjacking vulnerability in https://api.tumblr.com/console/ and a self DOM-based XSS in https://api.tumblr.com/console/calls/user/follow/unfollow. An attacker can exploit the clickjacking to trigger the self DOM-based XSS. Vulnerable URL to clickjacking :...
Automattic: DOM-Based XSS in tumblr.com
Description: Hi, I would like to report a DOM-based XSS that is exactly like this one 882546; this one works just because the page /reblog/ID/OTHERID doesn't have a correct CSP rule. Steps to reproduce: 1. go to https://www.tumblr.com/reblog/620008931446652928/JBuEvzz5 2. click in click me 3. click ...
Critical Magento Flaws Allow Code Execution
Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by attackers like the Magecart cybergang – could enable arbitrary code execution on affected systems. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. Adobe on Tuesda...
CVE-2020-9691
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2020-9691
CVE-2020-9691 affects Magento 2.3.5-p1 and earlier, with a DOM-based cross-site scripting vulnerability that could lead to arbitrary code execution. The documents confirm the affected product version range and the underlying class of vulnerability, but do not provide exploitation details or a con...
PT-2020-5059 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.5-p1 and earlier Description: The issue is related to the lack of protection of the web page structure in Magento Commerce, a platform for developing and managing online stores. This could allow a remote attacker to execu...
lemlist: CVE-2019-19935 - DOM based XSS in the froala editor
Summary: A stored XSS flaw exists in the froala editor used in the web application. This can be triggered by using the code view of the editor. Steps To Reproduce: 1. Start a new campaign 2. Fill all the fields and choose blank email template for the message 3. Switch to code editor view and inject "...
Docsify.js 4.11.4 - Reflective Cross-Site Scripting
Exploit Title: Docsify.js 4.11.4 - Reflective Cross-Site Scripting Date: 2020-06-22 Exploit Author: Amin Sharifi Vendor Homepage: https://docsify.js.org Software Link: https://github.com/docsifyjs/docsify Version: 4.11.4 Tested on: Windows 10 CVE : CVE-2020-7680 docsify.js uses fragment identifie...
FinDOM-XSS - A Fast DOM Based XSS Vulnerability Scanner With Simplicity
FinDOM-XSS is a tool that allows you to find possible and/or potential DOM based XSS vulnerabilities in a fast manner. Installation: $ git clone https://github.com/dwisiswant0/findom-xss.git Dependencies: LinkFinder Configuration: Change the value of LINKFINDER variable on line 3 with your main...
WooCommerce < 4.2.1 - Potential Cross-Site Scripting (XSS) via SelectWoo
A DOM based Cross-Site Scripting (XSS) vulnerability was found to affect the SelectWoo dependency that WooCommerce used. SelectWoo replaces the standard <select> box in web browsers...
CVE-2020-9647
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting dom-based vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...
Cross site scripting
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting dom-based vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...
CVE-2020-9647
CVE-2020-9647 affects Adobe Experience Manager versions 6.5 and earlier, with a DOM-based cross-site scripting vulnerability that could lead to arbitrary JavaScript execution in the browser. Connected sources confirm the affected product and the vulnerability class; no exploitation details are pr...
8x8: DOM Based XSS at docs.8x8.com
A domain for marketing documentation contained a DOM based XSS due to evaluation and rendering of window.location.href in the related javascript...
Xiaomi: DOM-based XSS in d.miwifi.com on IE 11
There is a DOM based XSS on d.miwifi.com but it only works on IE 11...
CVE-2020-2017
A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's...
CVE-2020-2017
CVE-2020-2017 describes a DOM-based cross-site scripting vulnerability in PAN-OS/Panorama management web interfaces. A remote attacker can trick an authenticated administrator into clicking a crafted link, potentially executing arbitrary JavaScript in the admin’s browser and performing administra...