312 matches found
CVE-2021-39362
An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode is inserted into the DOM as HTML, resulting in full control over the user's browser by these servers...
CVE-2021-29975
Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain with the new domain correctly shown in the address bar resulting in possible user confusion. This vulnerability affects Firefox ...
CVE-2020-15119
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting XSS attacks...
CLSA-2025-1744925460 gcc: Fix of CVE-2020-11023
CVE-2020-11023: Fix issue in DOM manipulation methods to prevent execution of untrusted code...
CLSA-2025-1744925221 gcc: Fix of CVE-2020-11023
CVE-2020-11023: Fix issue in DOM manipulation methods to prevent execution of untrusted code...
CLSA-2025-1744892170 gcc: Fix of CVE-2020-11023
CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code...
CLSA-2025-1744875112 gcc: Fix of CVE-2020-11023
CVE-2020-11023: Fix issue where untrusted HTML containing elements could execute untrusted code in DOM manipulation methods...
Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross site scripting (CVE-2022-38709)
Summary IBM Robotic Process Automation for Cloud Pak is vulnerable to cross site scripting through DOM manipulation. Vulnerability Details CVEID:CVE-2022-38709 DESCRIPTION: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search functionality. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirectin...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search functionality. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirectin...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the delete API. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirecting to...
CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai
mudler/localai version v2.21.1 contains a Cross-Site Scripting XSS vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...
CVE-2024-53967
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged...
CVE-2024-53967 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
Moderate: Red Hat Security Advisory: pki-core security update
An update for pki-core is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Linux Distros Unpatched Vulnerability : CVE-2020-11023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one ...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...