
352 matches found

OSV
added 2021/08/03 4:15 p.m. · 4 views

CVE-2021-21577

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link...

6.1 CVSS · 6.3 AI score · 0.00866 EPSS
Exploits: 0 · References: 1
OSV
added 2021/08/03 4:15 p.m. · 3 views

CVE-2021-21576

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link...

6.1 CVSS · 6.3 AI score
Exploits: 0 · References: 1
CNNVD
added 2021/05/19 12:0 a.m. · 4 views

BMC Remedy Mid Tier 9.1SP3 cross-site scripting vulnerability

BMC Software BMC Remedy 9.1SP3 is an application from BMC Software, Inc. It provides off-the-shelf IT Information Library (ITIL) service support functionality. A cross-site scripting vulnerability exists in BMC Remedy Mid Tier 9.1SP3, which stems from a DOM-based cross-site scripting vulnerability...

6.1 CVSS · 5.9 AI score · 0.00845 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2021/05/11 12:0 a.m. · 4 views

PT-2021-3404 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier; Magento versions 2.4.1-p1 and earlier; Magento versions 2.3.6-p1 and earlier. Description: The issue is related to a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitati...

6.9 CVSS · 5.2 AI score · 0.01397 EPSS
Exploits: 0 · References: 10
RedHat Linux
added 2021/03/23 4:57 p.m. · 2 views

pki-core: XSS in the certificate search results

A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form, which can get automatically executed. The highest threat from this vulnerability is to data integrity...

6.1 CVSS · 6.3 AI score · 0.01142 EPSS
Exploits: 1 · References: 4
Gitee
added 2021/01/24 7:1 p.m. · 2 views

XSS_Bypass_Payload

It is an offensive tool for XSS. The repository contains a collection of XSS bypass payloads, which are used to exploit vulnerabilities in web applications to inject malicious code. The payloads are designed to bypass various security measures, such as Content Security Policy (CSP) and XSS filters...

7.6 AI score
Exploits: 0
OSV
added 2020/09/03 3:50 p.m. · 0 views

GHSA-F8RQ-M28H-8HXJ Cross-Site Scripting in htmr

Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting (XSS). The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser. Recommendation...

6.1 AI score
Exploits: 0 · References: 2
OSV
added 2019/09/11 11:2 p.m. · 1 views

GHSA-536Q-8GXX-M782 Cross-Site Scripting in dojo

Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation: Upgrade to version 1.4.2 o...

4.3 CVSS · 7.4 AI score · 0.04545 EPSS
Exploits: 1 · References: 19
Japan Vulnerability Notes
added 2019/07/05 6:28 a.m. · 3 views

Multiple vulnerabilities in Access analysis CGI An-Analyzer

Overview: Access analysis CGI An-Analyzer provided by ANGLERSNET Co., Ltd. contains multiple vulnerabilities listed below. OS command injection in the Management Page (CWE-78) - CVE-2019-5987; Stored cross-site scripting in the Management Page (CWE-79) - CVE-2019-5988; DOM-based cross-site scripting in t...

9 CVSS · 7 AI score · 0.02497 EPSS
Exploits: 3 · References: 13
CNVD
added 2018/05/18 12:0 a.m. · 3 views

DOM-type cross-site scripting vulnerabilities in the front-end of Xingyunhai CMS (XYHcms)

Xing Yunhai CMS (XYHcms) is a completely open source content management system. The Xing Yunhai CMS (XYHcms) front end contains DOM-type cross-site scripting vulnerabilities. Attackers can use the vulnerability to insert JS code in the packet to obtain user cookies and other information...

6.5 AI score
Exploits: 0
OSV
added 2017/08/29 8:29 p.m. · 4 views

CVE-2017-3152

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...

6.1 CVSS · 5.8 AI score · 0.01955 EPSS
Exploits: 0 · References: 2
OSV
added 2017/01/24 7:59 a.m. · 2 views

CVE-2017-2929

Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...

6.1 CVSS · 5.8 AI score · 0.04009 EPSS
Exploits: 0 · References: 3