46 matches found

Positive Technologies
added 2026/05/20 12:0 a.m. | 7 views

PT-2026-42227

TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...

6.1 CVSS | 6 AI score | 0.00358 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/02/20 3:46 p.m. | 23 views

CVE-2025-68854 WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS. This issue affects ID Arrays: from n/a through <= 2.1.2...

7.1 CVSS | 0.00236 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/23 12:0 a.m. | 6 views

PT-2026-4534

Name of the Vulnerable Software and Affected Versions: Sourcecodester Domain Availability Checker version 1.0. Description: A DOM-based Cross-Site Scripting (XSS) issue exists in the DomainCheckerApp class within the domain/script.js file. The application does not properly handle user-supplied data in...

5.3 AI score | 0.00195 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2026/01/15 1:10 p.m. | 2 views

CVE-2026-22637

...

5.3 AI score | 0.00035 EPSS
Exploits: 0

Positive Technologies
added 2025/12/24 12:0 a.m. | 3 views

PT-2025-53262

Name of the Vulnerable Software and Affected Versions: WPBakery Visual Composer WHMCS Elements versions through 1.0.4.3. Description: The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the...

6.1 CVSS | 6.4 AI score | 0.00172 EPSS
Exploits: 0 | References: 3

CVE
added 2025/11/07 12:0 a.m. | 15 views

CVE-2025-63785

CVE-2025-63785 affects the Onlook web application (version 0.2.32) in its text editor feature. The root cause is unsafe handling of user input: input is not sanitized before being injected into the DOM via innerHTML when editing a text element, enabling a DOM-based XSS attack. Exploitation would ...

6.1 CVSS | 5.7 AI score | 0.00227 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-0786

Malware in sbrugna...

6.1 CVSS | 6.2 AI score | 0.00788 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2025/08/30 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-23395

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). (CVE-2022-23395) Note that Nessus relies on the presence o...

6.1 CVSS | 6.5 AI score | 0.01127 EPSS
Exploits: 1 | References: 2

OSV
added 2025/07/16 7:32 p.m. | 1 views

GHSA-X8QP-WQQM-57PH vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes

Summary: The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, this setting fails to prevent execution of certain tag-based payloads, such as , if the interpolated value is inserted inside an HTML context...

5.3 CVSS | 6.1 AI score | 0.0067 EPSS
Exploits: 0 | References: 10

Cvelist
added 2025/05/15 8:11 p.m. | 10 views

CVE-2025-47929 DumbDrop vulnerable to DOM XSS via file upload

DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a malicious payload...

5.3 CVSS | 0.00347 EPSS
Exploits: 0 | References: 2

Hacker One
added 2024/07/01 2:47 p.m. | 13 views

TikTok: DOM XSS in tiktok.com/login via the redirect_url parameter

A DOM Cross-Site Scripting (XSS) vulnerability was found in the redirect_url parameter on the tiktok.com/login page. The vulnerability was reported and confirmed to be resolved...

5.9 AI score
Exploits: 0

Huntr
added 2023/05/29 9:35 a.m. | 25 views

DOM Cross Site Scripting and openredirect

Vulnerable Endpoint: https://demo.saleor.io/default-channel/en-US/account/login/?next=javascript:alert1 Description: 1. Hello team, recently I found that on the Saleor React storefront dashboard there is a DOM XSS and open-redirect vulnerability. Steps to reproduce XSS: 1. Go to the above mentioned...

5.8 CVSS | 6.3 AI score | 0.00459 EPSS
Exploits: 1

Prion
added 2022/12/13 3:15 a.m. | 20 views

Cross site scripting

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack. As a result, an attacker may be able t...

5.8 CVSS | 5.9 AI score | 0.00411 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/12/13 2:34 a.m. | 35 views

CVE-2022-41266

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack. As a result, an attacker may be able t...

8 CVSS | 7.2 AI score | 0.00411 EPSS
Exploits: 0 | References: 2

Huntr
added 2022/10/27 3:38 a.m. | 21 views

DOM XSS on lab.flipper.net via the "channel" or "version" parameters

Description: Hi! The Web Platform for the Flipper is vulnerable to DOM XSS via the channel and version parameters. This occurs because when the user clicks on Choose firmware the values are passed directly to innerHTML without parsing. Proof of Concept: 1. 1 The user accesses the following URL:...

1 AI score
Exploits: 0

Tenable Nessus
added 2022/07/18 12:0 a.m. | 41 views

Swagger UI 3.14.0 < 3.38.0 Cross-Site Scripting

Swagger UI is a popular library used to beautify API specifications and render them to users. Swagger UI versions 3.14.1 to 3.37.2 suffer from a DOM Cross-Site Scripting (XSS) vulnerability due to an outdated DOMPurify embedded library and a feature available in the Swagger UI library itself whic...

6.2 AI score
Exploits: 0 | References: 2

OSV
added 2022/03/03 12:0 a.m. | 150 views

GHSA-GCX5-3P5F-F8VP Prototype Pollution in jquery.cookie

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS)...

6.1 CVSS | 6 AI score | 0.01127 EPSS
Exploits: 1 | References: 3

Prion
added 2021/11/23 8:15 p.m. | 35 views

Cross site scripting

The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue...

4.3 CVSS | 5.9 AI score | 0.24006 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2021/04/15 12:15 a.m. | 2 views

CVE-2020-36288

The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused...

6.1 CVSS | 5.9 AI score | 0.01519 EPSS
Exploits: 0 | References: 1

Cvelist
added 2021/04/14 11:45 p.m. | 17 views

CVE-2020-36288

The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused...

5.9 AI score | 0.01519 EPSS
Exploits: 0 | References: 1