4380 matches found
CVE-2019-16414
A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI...
Default credentials
A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI...
ForeScout Technologies: DOM XSS at www.forescout.com in Microsoft Edge and IE Browser
Summary: I've found a DOM Based XSS on the homepage. Steps To Reproduce: 1. Go to this URL and you'll see an alert pop up: https://www.forescout.com/ But this will work just on ME/IE browsers, because Chrome and Firefox have a default encode system for hash URLs. And the vulnerable code is directly in your source code...
CVE-2019-16414
CVE-2019-16414 affects GFI Kerio Control v9.3.0. A DOM-based XSS flaw in the login path (e.g., login/?reason=failure&NTLM=) can be used to embed malicious code and exfiltrate a victim’s credentials in cleartext. Multiple connected sources (NVD, Red Hat advisories, CVE pages, CNVD, CVE lists, and ...
Cross site scripting
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-5975
CVE-2019-5975 affects Cybozu Garoon 4.6.0–4.10.2 with a DOM-based cross-site scripting vulnerability in the Portal component (CWE-79). Root cause: insufficient input validation allows an authenticated user to cause arbitrary script/HTML execution in the user’s browser via unspecified vectors. Imp...
Cross-Site Scripting in dojo
Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting XSS. The package does not sanitize URL parameters in the testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.2 o...
GHSA-536Q-8GXX-M782 Cross-Site Scripting in dojo
Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting XSS. The package does not sanitize URL parameters in the testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.2 o...
Escalation of Privilege in Twistlock
An HTML injection vulnerability has been identified in the Twistlock Console that can lead to a DOM based XSS attack under certain configurations. Ref: CVE-2019-1583. Successful exploitation of this vulnerability allows a Twistlock user with Operator capabilities to escalate privileges to that of...
Rockstar Games: Warehouse DOM-based XSS may lead to Social Club Account Takeover.
The researcher brought our attention to a DOM-based Cross-Site Scripting vulnerability. Although issues on rockstarwarehouse.com are typically out of scope, this had an explicit impact on Social Club account security, so we decided we needed to act. The vulnerability only affected Internet Explor...
Sessvars < 1.01 DOM-based Cross-Site Scripting
According to its self-reported version number, Sessvars is prior to 1.01. Therefore, it may be affected by a DOM-based cross-site scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...
Multiple vulnerabilities in Access analysis CGI An-Analyzer
Overview Access analysis CGI An-Analyzer provided by ANGLERSNET Co., Ltd. contains multiple vulnerabilities listed below. OS command injection in the Management Page CWE-78 - CVE-2019-5987 Stored cross-site scripting in the Management Page CWE-79 - CVE-2019-5988 DOM-based cross-site scripting in t...
Cross-Site Scripting
Overview Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting XSS. The package does not sanitize URL parameters in the testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to versio...
Upserve : DOM Based XSS via postMessage at https://inventory.upserve.com/login/
Description DOM based XSS is possible at https://inventory.upserve.com/login/ due to insecure origin checking when receiving a postMessage. POC 1. Visit https://hq.upserve.com.████████/upservexss.html 2. Click link 3. View alert on https://inventory.upserve.com Vulnerable Code javascript...
CVE-2019-3490
A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server OES allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and...
Design/Logic Flaw
A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server OES allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and...
CVE-2019-3490
CVE-2019-3490 describes a DOM-based XSS in the Netstorage component of Open Enterprise Server (OES). A remote attacker could execute JavaScript in a victim’s browser by enticing them to click a crafted link. Affected are OES2015SP1, OES2018, and OES2018SP1; older versions were not tested. The con...
ZEIT: Reflected DOM-Based XSS Due to Lack of Filtering on Parameter ?next
Summary: Hello, I found that the parameter next lacks filtering, allowing the attacker to exploit this vulnerability to redirect users to a malicious site + The attacker can exploit this bug to redirect the user to a malicious site + The attacker can execute JavaScript code in the user's browser becaus...