4380 matches found
Schneider Electric Pelco Sarix/Spectra Cameras XSS Vulnerability
Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser sessi...
Grab: Dom based xss affecting all pages from https://www.grab.com/.
Hello, there's a dom based xss vulnerability affecting all pages under the domain https://www.grab.com/. This vulnerability wasn't properly patched so I managed to bypass the regular expression that was added into the function. Vulnerable code: var stripHtml = function var div =...
CVE-2017-6700
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a us...
Cisco Prime Infrastructure and Evolved Programmable Network Manager DOM Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a us...
Starbucks: DOM-based XSS in store.starbucks.co.uk on IE 11
We've found DOM XSS on store.starbucks.co.uk and other related domains such as store.starbucks.fr and store.starbucks.ca. It appears to be a JQuery based DOM XSS in the parseHTML sink. In order to trigger the XSS you need to use IE11 and the PoC will visit the url first, wait 5 seconds and then...
Verizon Patches XSS Issues in its Messaging Client
Verizon late last year patched a vulnerability in its Message+ messaging client that could have allowed an attacker to take over a session and possibly extend their reach into a user’s account management settings. Researcher Randy Westergren yesterday disclosed some details on the bug, which coul...
WordPress: DOM Based XSS In mercantile.wordpress.org
Hello, There is a DOM XSS in mercantile.wordpress.org in the apparel subcat. For example: https://mercantile.wordpress.org/product-category/apparel/?subcat= Steps To Reproduce 1. Go to https://mercantile.wordpress.org 2. Click on apparel 3. In the url bar add : /?subcat=" The domain will pop-up. ...
WordPress < 4.7.5 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.7.5. It is, therefore, affected by multiple vulnerabilities: - A DOM-based cross-site scripting (XSS) vulnerability exists in the uploadSizeError function within file...
Zendesk: dom based xss in *.zendesk.com/external/zenbox/
See title...
Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) XSS Vulnerability
Serviio PRO DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffer from a mediabrowser cross site scripting vulnerability. Serviio PRO 1.8 DLNA Media Streaming Server mediabrowser DOM Based XSS Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org...
Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS
Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on your connected home network. Description: The application is vulnerable to a DOM-based cross-site scripting. Da...
Pornhub: DOM-based XSS on youporn.com (main page)
The researcher found a DOM-based XSS on the youporn.com main page. The malicious input could be injected into JS comment section //jscomment. Using CRLF %0d%0a in the , it was possible to escape from JS comment section, and execute arbitrary JavaScript. Simple alert box, and crossdomain request...
WordPress audio playlist functionality is affected by Cross-Site Scripting
Abstract: Two Cross-Site Scripting vulnerabilities exist in the playlist functionality of WordPress. These issues can be exploited by convincing an Editor or Administrator into uploading a malicious MP3 file. Once uploaded the issues can be triggered by a Contributor or higher using the playlist...
WordPress < 4.7.3 Multiple Vulnerabilities
CVE-2016-8232
Document Object Model (DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject...
Cross site scripting
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.82.5...