CVE-2018-6958
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation...
CVE-2018-6958
Summary: CVE-2018-6958 affects VMware vRealize Automation (vRA) before 7.3.1, via a DOM-based XSS vulnerability that may lead to a compromised vRA user workstation. Affected versions: vRA 7.0.x, 7.1.x, 7.2.x, and 7.3.x before 7.3.1. Root cause: DOM-based XSS in the vRA interface. Impact: potentia...
VMSA-2018-0009: vRealize Automation updates address multiple security issues
VMware Security Advisory. Advisory ID: VMSA-2018-0009. Severity: Important. Synopsis: vRealize Automation updates address multiple security issues...
MyCrypto: DOM Based XSS in mycrypto.com
Description & PoC The "connected successfully" message is printed out without any output sanitation: F271357 This is how it's being printed (this code snippet is taken from mycrypto-master.js, line 4072): F271359 An attacker can simply put his payload at the link and it'll be embedded within the pag...
maisonsdumonde.com XSS vulnerability
Open Bug Bounty ID: OBB-558281

Description| Value
---|---
Affected Website:| maisonsdumonde.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS
Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on your connected home network. Description: The application is vulnerable to a DOM-based cross-site scripting. Da...
Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...
Razer US: Authenticated DOM-based XSS in deals.razerzone.com via the rurl parameter.
The researcher discovered that deals.razerzone.com was vulnerable to Authenticated DOM-based XSS via the rurl parameter, which could allow account hijacking via session cookies. The researcher identified the specific code snippet and provided two PoCs with different techniques. Another great repo...
AlienVault : DOM-Based XSS in www.alienvault.com
Summary: There is a DOM-Based XSS vulnerability in the 'usma-code' parameter in /products/usm-anywhere/free-trial/thank-you-approved . Description: The link...
AlienVault : DOM Based XSS in https://threatcrowd.org
Hello AlienVault security team, I found a DOM Based XSS in https://threatcrowd.org via report function. Proof of Concept Steps to reproduce: 1. https://threatcrowd.org/report.php?report= 2. Fill in with this payload: javascript:promptdocument.domain 3. Send link to victim, when victim click in to...
Logitech Media Server DOM Based XSS Vulnerability
Logitech Media Server is prone to a DOM-based cross-site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Cross site scripting
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI...
CVE-2017-15687
CVE-2017-15687 is a DOM-based Cross-Site Scripting (XSS) vulnerability in Logitech Media Server. The issue affects multiple releases (7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, 7.9.1) and is exploitable via a crafted URI, as described across CVE records and OpenVAS entries. The root cause is DOM-b...
Logitech Media Server - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: DOM Based Cross Site Scripting XSS - Logitech Media Server Shodan Dork: Logitech Media Server Date: 14/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: https://www.logitech.com Tested on: windows 10 CVE :...
Mac OS X 10.12 isolation mechanism bypass vulnerability
Vulnerability summary: A vulnerability exists in Mac OS X that could allow an attacker to bypass Apple's isolation mechanism and execute arbitrary JavaScript code without any restrictions. Vulnerability submitter: WeAreSegment security researcher Filippo Cavallarin, to Beyond Security SSD...
Logitech Media Server - Cross-Site Scripting
Logitech Media Server - Cross-Site Scripting Exploit Title: DOM Based Cross Site Scripting XSS - Logitech Media Server Shodan Dork: Logitech Media Server Date: 14/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: https://www.logitech.com Tested on: windows 10 CVE : CVE-2017-15687...
Logitech Media Server - Cross-Site Scripting
Exploit Title: DOM Based Cross Site Scripting XSS - Logitech Media Server Shodan Dork: Logitech Media Server Date: 14/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: https://www.logitech.com Tested on: windows 10 CVE : CVE-2017-15687 ----------------------------------------------- PoC:...
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass Vulnerability
Exploit for macOS platform in category local exploits Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: email protected CVE: N/A Vendor notification: 2017-07-15 Vend...
Mac OS X Local Javascript Quarantine Bypass
Advisory ID: SGMA17-002 Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor notification: 2017-07-27 Vendor fix:...
Mac OS X Local Javascript Quarantine Bypass youtube Vulnerability
Exploit for macOS platform in category local exploits Details Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions. Basically, Apple's Quarantine works by setting an extended attribute to downloaded...