4380 matches found
Cisco Webex DOM-Based Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
U.S. Dept Of Defense: █████ - DOM-based XSS
Greetings, I've discovered a DOM-based XSS at ███ Proof of concept: 1. Go to https://████/█████████/home/troubleshoot.html?lang=en 2. In the username field, add the following code: --button/autofocus/onfocus=Function"confirm1";//name="XSS 3. The javascript code is correctly executed: ██████ Impac...
U.S. Dept Of Defense: █████ - DOM-based XSS
Greetings, I've discovered a DOM-based XSS at ██████ Proof of concept: 1. Go to https://███/█████/home/troubleshoot.html?lang=en&returnUrl=https://█████/███████/home/signin.html?returnUrl=https%3A//████/██████████/home/user.html 2. In the username field, add the following code:...
Security Bulletin: Various security issues exist in WebSphere Service Registry and Repository version 8.0
Summary This bulletin describes a variety of minor security issues that have been found and fixed in WebSphere Service Registry and Repository version 8.0 Vulnerability Details CVE ID: CVE-2014-6153 DESCRIPTION: WSRR WEBUI ISSUES A COOKIE WHICH IS NOT DECLARED SSL ONLY. CVSS CVSS Base Score: 2.6...
Security Bulletin: Various security issues exist in WebSphere Service Registry and Repository version 7.5
Summary This bulletin describes a variety of minor security issues that have been found and fixed in WebSphere Service Registry and Repository version 7.5 Vulnerability Details CVE ID: CVE-2014-6153 DESCRIPTION: WSRR WEBUI ISSUES A COOKIE WHICH IS NOT DECLARED SSL ONLY. CVSS CVSS Base Score: 2.6...
Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
Summary: The “Steam Inventory Helper” Chrome extension version 1.13.6 suffered from both a DOM-based Cross-site Scripting (XSS) and a clickjacking vulnerability. By combining these vulnerabilities it is possible to gain JavaScript code execution in the highly-privileged context of the extension’s...
CVE-2018-0149
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a us...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a us...
CVE-2018-0149
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a us...
CVE-2018-0149
The CVE-2018-0149 entry affects Cisco Integrated Management Controller (IMC) Supervisor Software and Cisco UCS Director Software. The web-based management interface is vulnerable to DOM-based stored XSS caused by insufficient input validation. An authenticated, remote attacker can trick a user in...
Cisco Integrated Management Controller Supervisor and Cisco UCS Director DOM Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a us...
Cross site scripting
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes...
CVE-2018-11245
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes...
CVE-2018-11245
CVE-2018-11245 affects MISP 2.4.91, with a DOM-based XSS flaw in app/webroot/js/misp.js related to cortex type attributes. The vulnerability allows injection of arbitrary scripts in web pages rendered by MISP; CVSS v3.0 base score 6.1 (Network, Low complexity, User interaction Required, Confident...
CVE-2018-11245
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes...
DOM-type cross-site scripting vulnerabilities in the front-end of Xingyunhai CMS (XYHcms)
Xing Yunhai CMS (XYHcms) is a completely open source CMS content management system. The Xing Yunhai CMS (XYHcms) front-end has DOM-type cross-site scripting vulnerabilities. Attackers can use the vulnerability to insert js code in the packet to obtain user cookies and other information...
PT-2018-10423 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP version 2.4.91 Description: The issue is related to a DOM-based XSS in the app/webroot/js/misp.js file, specifically with cortex type attributes. Recommendations: For MISP version 2.4.91, update to a newer version that contains a fix for...
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cr
Exploit for java platform in category web applications SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, 8.3 P1...
RSA Authentication Manager 8.2.1.4.0-build1394922 8.3 P1 - XML External Entity Injection Cross-Site Flashing DOM Cross-Site Scripting
RSA Authentication Manager 8.2.1.4.0-build1394922 8.3 P1 - XML External Entity Injection Cross-Site Flashing DOM Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS vulnerabilities product: R...
Cross site scripting
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation...