CVE-2020-2017 PAN-OS: DOM-Based cross site scripting vulnerability in management web interface
A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's...
CVE-2020-5334
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM...
Mail.ru: XSS at go.mail.ru
DOM-based self XSS in go.mail.ru social search functionality...
Cross-Site Scripting
Overview: Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting (XSS). The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser...
Rockstar Games: Dom based XSS on www.rockstargames.com/GTAOnline/features/freemode
In this report, the researcher identified a DOM-Based XSS vulnerability on www.rockstargames.com/GTAOnline/features/freemode. This type of attack can result in cookie theft, or enable CSRF and phishing attacks. With the researcher's help we were able to identify the cause of the vulnerability and...
CVE-2020-6845
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack...
Design/Logic Flaw
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack...
CVE-2020-6845
TopManage OLK 2020 is affected by a DOM-based XSS issue caused by not setting ReadOnly on the session cookie, enabling takeover of user and admin accounts. Multiple sources (NVD, Red Hat, CNVD, etc.) corroborate the vulnerability in TopManage OLK 2020. The provided documents describe the root cau...
CVE-2020-7050
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...
Design/Logic Flaw
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...
CVE-2020-7050
Codoforum (Codologic) up to version 4.8.4 is affected by a DOM-based XSS vulnerability. The issue arises when a normal user creates a new topic and adds a poll, which is then automatically loaded in the DOM when the thread is opened. The description notes that session cookies lack the HttpOnly fl...
Cross site scripting
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The...
CVE-2019-19757
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The...
Razer: DOM-based XSS on https://zest.co.th/zestlinepay/
The tester discovered a DOM based XSS on a Razer Gold Thailand associated website that could allow stealing of user session cookies. He provided excellent reproduction steps and a video PoC. Razer thanks the tester for his great report and helping us to keep our customers' information secure...
CVE-2020-7239
The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent...