4382 matches found
CVE-2020-7239
The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent...
CVE-2020-7239
The CVE-2020-7239 entry concerns the WordPress plugin conversation-watson (before 0.8.21). The vulnerability is a DOM-based XSS that is triggered when a chat message containing JavaScript is sent, indicating an input/output filtering weakness in the plugin's handling of client-side data. The Red ...
CVE-2020-6847
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript...
CVE-2020-6847
OpenTrade up to version 0.2.0 contains a DOM-based XSS vulnerability that is triggered when an administrator attempts to delete a message that contains JavaScript. The root cause is related to client-side data handling in the web application, leading to potential injection of script during the de...
CVE-2019-18652
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and...
Cross site scripting
DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page...
CVE-2019-5989
The CVE-2019-5989 issue is a DOM-based cross-site scripting vulnerability in the Analysis Object Page of Access analysis CGI An-Analyzer (released around 2019-06-24). The root cause is DOM-based XSS that could allow a remote attacker to inject arbitrary web script or HTML via the Analysis Object ...
Razer: dom based xss on [hello.merchant.razer.com]
The tester discovered a DOM based xss on a Razer Merchant Services status server, associated with an unneeded application. Razer Fintech appreciates the tester bringing this to their attention and the clear PoC...
Security Bulletin: Vulnerability affects IBM Watson Assistant for IBM Cloud Pak for Data
Summary: A DOM-based vulnerability affects IBM Watson Assistant for IBM Cloud Pak for Data. A DOM-based cross-site scripting vulnerability was found in the admin console where user input was not validated correctly. An authenticated user could exploit the flaw by injecting JavaScript code into t...
CVE-2011-3606
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DO...
CVE-2011-3606
CVE-2011-3606 affects JBoss Application Server 7.x prior to 7.1.0 Beta 1 in its administration console. It is a DOM-based cross-site scripting flaw: a remote attacker can lure a privileged administrator to a crafted page, causing DOM environment modification and arbitrary HTML/script execution. E...
LY Corporation: DOM-based XSS on mobile.line.me
The reporter found a DOM-based XSS affecting mobile.line.me, which could have resulted in an attacker gaining access to information about a user's mobile plans, usage and user details registered as part of their mobile subscription plan...
Vulnerability hunting with Semmle QL: DOM XSS
In two previous blog posts part 1 and part 2, we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of...
Cross-Site Scripting (XSS)
PrettyPhoto is vulnerable to DOM-based cross-site scripting (XSS). The attack is possible because it fails to encode special characters from user provided data after the in the URL. The vulnerability exists in the getHashtag function of js/jquery.prettyPhoto.js, allowing an attacker to inject...
Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because...