205 matches found
gotortc Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API on the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...
gotortc Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter in all of its links for 1-click previews. The context in which src is being appended is innerHTML, which will insert th...
CVE-2024-29193
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API on the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...
CVE-2024-29193 GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API on the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...
CVE-2024-29193
CVE-2024-29193 affects gotortc (go2rtc) where DOM-based XSS arises from lack of input sanitization when rendering API data on index.html via innerHTML. Affected versions: 1.8.5 and prior. The index page fetches streams client-side, iterates with Object.entries, and appends the first item with inn...
PT-2024-22795 · Gotortc · Gotortc
Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior. Description: The issue is related to DOM-based cross-site scripting. The links page links.html appends the src GET parameter in all of its links for 1-click previews. The context in which src is being append...
CVE-2024-29154
danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText...
CVE-2024-29154
Fabric (danielmiessler) up to version 1.3.0 is affected by an XSS flaw in installer/client/gui/static/js/index.js due to innerHTML mishandling in htmlToPlainText. Impact described as cross-site scripting; no exploit details are provided in the documents. A PT-2024-22771 advisory suggests mitigati...
CVE-2023-43797 BigBlueButton Stored Cross-site Scripting vulnerability at Guest Lobby
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...
Cross Site Scripting (XSS)
quill-mention is vulnerable to Cross Site Scripting. The vulnerability is due to mention.js and quill.mention.js as there is no escaping or sanitization for the list items which are rendered using innerHTML. This allows an attacker to insert a malicious script in innerHTML. When the script is...
Stored XSS at Guest Lobby
Description: Guest Lobby is vulnerable to XSS when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Proof of Concept: 1. Start a new web conference and change Guest policy to "Ask Moderator" role moderator 2. Attacker edits "Message to the...
SUSE CVE-2017-7799
JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack...
SUSE CVE-2019-11744
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
Remote Code Execution
@editorjs/editorjs is vulnerable to remote code execution. An attacker is able to upload and execute malicious code on the system via pasted input into wrapper's innerHTML method...
CVE-2022-23474 editor.js contains Code Injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
Cross-site Scripting (XSS)
rails is vulnerable to cross-site scripting (XSS) attacks. The use of innerHTML in the checkNoMatch function allows a remote authenticated attacker to inject and execute malicious JavaScript on victim's browser...