1274 matches found
CVE-2023-48451
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-47065
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
PT-2023-8061 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a Cross-site Scripting DOM-based XSS vulnerability. It can be exploited if a low-privileged attacker convinces a victim to visit a URL referencing a...
Dell PowerProtect Data Domain Cross-Site Scripting Vulnerability
Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A cross-site scripting vulnerability exists in Dell PowerProtect Data Domain, which stems from a cross-site scripting vulnerability that...
PT-2023-8142 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a Cross-site Scripting DOM-based XSS vulnerability. It can be exploited if a low-privileged attacker convinces a victim to visit a URL referencing a...
PT-2023-7856 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a Cross-site Scripting DOM-based XSS vulnerability. It may allow a low-privileged attacker to execute malicious JavaScript content within the context of...
Code injection
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model POM design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability ...
CVE-2023-48699 fastbots Eval Injection vulnerability
fastbots is a library for fast bot and scraper development using selenium and the Page Object Model POM design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability ...
PYSEC-2023-215
Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...
PT-2023-32264 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2 Description: The issue is related to Cross-site Scripting XSS - DOM, which allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control...
PT-2023-32263 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2 Description: The issue is related to Cross-site Scripting XSS - DOM, which allows an attacker to execute malicious scripts in the browser of a user. This can lead to unauthorized actions being taken on...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Apache Maven vulnerability (USN-5245-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5245-1 advisory. It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model pom even if...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a flaw in the handling of certain data inputs. An attacker can cause a denial of service by sending specially crafted data to the application. Details Denial of Service DoS describes a family of attacks, all...
PT-2023-32040 · Unknown · Thorsten/Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.18 Description: The issue is related to Cross-site Scripting XSS - DOM, which allows attackers to execute malicious scripts in the context of the victim's browser. This can lead to unauthorized access t...
Password-stealing Chrome extension smuggled on to Web Store
Researchers at the University of Wisconsin-Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome's latest security and privacy standard, Manifest V3. To prove it, they created a proof of...
Mozilla: Crash in DOMParser due to out-of-memory conditions
The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations...
CVE-2023-36385
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 2.9.9...
Grafana WorldMap Panel Plugin DOM XSS
Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability...
CVE-2023-25732
When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2023-31138
CVE-2023-31138 affects DHIS2 Core: starting in the 2.36 branch and before 2.37.9.1, 2.38.3.1, or 2.39.1.2, authenticated users with write access to an object may modify related objects via object model traversal in a PATCH payload. Mitigation is to upgrade to a supported version: 2.37.9.1, 2.38.3...