4380 matches found
CVE-2017-12254
A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server...
CVE-2017-12254
CVE-2017-12254 affects Cisco Unified Intelligence Center web interface. Root cause: insufficient input validation of parameters passed to the web server, enabling a DOM-based cross-site scripting attack by unauthenticated remote attackers (via malicious link or intercepted request). Impact descri...
JGI CMS 1.0 Cross Site Scripting
Title: ======= JGI CMS - DOM-Based Cross Site Scripting Introduction: ============== A content management system (CMS) is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative environment. CMS...
Cross site scripting
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because...
CVE-2017-6789
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because...
CVE-2017-6789
CVE-2017-6789 affects Cisco Unified Intelligence Center (CUIC). The vulnerability is a DOM-based, environment or client-side XSS resulting from unvalidated user-supplied data in the DOM input, exploitable by sending crafted URLs to the affected system. A successful exploit could allow an unauthen...
Razer US: Unauthenticated DOM-based XSS in zvault.razerzone.com via the redir parameter.
Summary --- zvault.razerzone.com is vulnerable to DOM-based XSS via the redir parameter. F219081 F219082 Affected Code --- js var redirectUrl = getUrlParameter'redir'; if isCrossOriginFrame window.location.href = redirectUrl; else window.parent.location.href = redirectUrl; Browsers Verified In --...
Razer US: Unauthenticated DOM-based XSS in pay.zvault.razerzone.com via the redir parameter.
Summary --- pay.zvault.razerzone.com is vulnerable to DOM-based XSS via the redir parameter. F219069 F219070 Affected Code --- js var redirectUrl = getUrlParameter'redir' // window.location.href; //alertredirectUrl; if isCrossOriginFrame window.location.href = redirectUrl; else...
Razer US: Authenticated DOM-based XSS in deals.razerzone.com via the rurl parameter.
The tester discovered the deals.razerzone.com website was vulnerable to open redirect via the rurl parameter (e.g. https://deals.razerzone.com/user/ssologin?rurl=) and that the parameter was also vulnerable to DOM-based XSS. Also, the initial fix for this was a little too specific and edio was able to...
Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because...
Stored Cross-Site Scripting (XSS)
anchorcms/anchor-cms is susceptible to a stored cross-site scripting (XSS) vulnerability. The vulnerability exists because user input to fields in the admin panel is not properly escaped. Note: the fix introduced cannot prevent DOM-based XSS...
CVE-2017-3152
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...
CVE-2017-13138
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...
Cross site scripting
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...
Rockstar Games: dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass)
The researcher was able to bypass a previous fix for a DOM-Based XSS vulnerability 254343 by hashing part of the payload. This showed that our previous fix was insufficient, so we updated it to a more thorough solution...
Rockstar Games: dom based xss in https://www.rockstargames.com/GTAOnline/
In this report, the researcher found a DOM-Based XSS Vulnerability and was able to demonstrate an exploit that exposed cookie values. New 404 page handling code resulted in a fix for the issue...
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor...
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass
Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor notification: 2017-07-15 Vendor fix: 2017-09-25 Public...
WakaTime: [wakatime.com] HTML Injection github-btn.html
Description === Vulnerable parameter: user Vulnerable script: https://wakatime.com/static/html/github-btn.html Vulnerable code: js var params = function var vars = , hash; var hashes = window.location.href.slicewindow.location.href.indexOf"?" + 1.split"&"; forvar i = 0; i...
Grab: [parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/
Summary: DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner...