
1274 matches found

Vulnrichment
added 2023/04/28 12:0 a.m. · 5 views

CVE-2023-30454

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...

AI score: 6 · EPSS: 0.00535
Exploits: 1 · References: 2

BDU FSTEC
added 2023/03/28 12:0 a.m. · 2 views

The vulnerability of the McAfee Total Protection antivirus protection, related to deficiencies in access control to the registry, allows a hacker to modify the Component Object Model (COM) in the Windows registry.

The vulnerability of the McAfee Total Protection antivirus protection lies in its lack of access control for accessing the registry. Exploiting this vulnerability could allow an attacker to modify the Component Object Model (COM) in the Windows registry...

CVSS: 6.3 · AI score: 6.6 · EPSS: 0.00261
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/03/22 12:0 a.m. · 3 views

PT-2023-19296 · Ruby On Rails +1 · Rails-Ujs +1

Name of the Vulnerable Software and Affected Versions: rails-ujs versions 5.1.0 through 6.1.7.2; rails-ujs versions 5.1.0 through 7.0.4.2. Description: There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned...

CVSS: 6.3 · AI score: 5.8 · EPSS: 0.00907
Exploits: 0 · References: 36

CNNVD
added 2023/03/21 12:0 a.m. · 3 views

McAfee Total Protection Security Vulnerability

McAfee Total Protection (MTP) is a suite of antivirus software from McAfee, Inc. in the United States. A security vulnerability exists in McAfee Total Protection prior to version 16.0.50, which stems from a vulnerability that allows an attacker to modify the McAfee-specific component object model i...

CVSS: 6.7 · AI score: 6.6 · EPSS: 0.00261
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 6:13 a.m. · 3 views

SUSE CVE-2006-6504

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption...

CVSS: 9.3 · AI score: 9.1 · EPSS: 0.08604
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 6:3 a.m. · 2 views

SUSE CVE-2009-2462

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and...

CVSS: 10 · AI score: 9.2 · EPSS: 0.05414
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 5:59 a.m. · 5 views

SUSE CVE-2010-1196

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a...

CVSS: 9.3 · AI score: 9.5 · EPSS: 0.04879
Exploits: 0 · References: 7

SUSE CVE
added 2023/02/15 5:59 a.m. · 1 views

SUSE CVE-2010-1824

Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages...

CVSS: 9.3 · AI score: 7.8 · EPSS: 0.03964
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 5:52 a.m. · 3 views

SUSE CVE-2011-2627

Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com...

CVSS: 5 · AI score: 6.8 · EPSS: 0.02196
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 5:46 a.m. · 2 views

SUSE CVE-2012-2879

Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document...

CVSS: 4.3 · AI score: 8.7 · EPSS: 0.01116
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:39 a.m. · 7 views

SUSE CVE-2013-1842

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...

CVSS: 7.5 · AI score: 8.5 · EPSS: 0.03121
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:35 a.m. · 1 views

SUSE CVE-2013-4926

epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS: 5 · AI score: 7.3 · EPSS: 0.02848
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:14 a.m. · 1 views

SUSE CVE-2015-6770

The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768...

CVSS: 7.5 · AI score: 9.2 · EPSS: 0.01957
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 4:46 a.m. · 2 views

SUSE CVE-2017-7802

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...

CVSS: 7.5 · AI score: 9.2 · EPSS: 0.02711
Exploits: 1 · References: 8

SUSE CVE
added 2023/02/15 4:46 a.m. · 1 views

SUSE CVE-2017-7809

A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

CVSS: 7.5 · AI score: 9.4 · EPSS: 0.02677
Exploits: 1 · References: 4

Ubuntu
added 2023/01/16 8:28 a.m. · 110 views

USN-5805-1: Apache Maven vulnerability

It was discovered that Apache Maven followed repositories that are defined in a dependency’s Project Object Model (pom) even if the repositories weren't encrypted (http protocol). An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service...

CVSS: 9.1 · AI score: 7.8 · EPSS: 0.08691
Exploits: 2 · References: 1

CNNVD
added 2022/12/11 12:0 a.m. · 3 views

Nuxt.js Cross-Site Scripting Vulnerability

Nuxt.js is an open source web application framework based on Vue.js, Node.js, Webpack and Babel.js. A cross-site scripting vulnerability exists in versions prior to Nuxt.js v3.0.0-rc.13, which stems from cross-site scripting (XSS) in the DOM...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00443
Exploits: 0 · References: 4

OSV
added 2022/12/05 11:15 p.m. · 2 views

CVE-2022-45020

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request...

CVSS: 8.8 · AI score: 5.7 · EPSS: 0.00587
Exploits: 1 · References: 1

CNNVD
added 2022/10/11 12:0 a.m. · 3 views

XMLDOM Security Vulnerability

XMLDOM is a JavaScript implementation of the W3C DOM for Node by the individual developer jindw. A security vulnerability exists in XMLDOM versions prior to 0.8.3, which stems from the discovery that the p variable of the copy function of the dom.js of the XMLDOM package contains a prototype...

CVSS: 9.8 · AI score: 8.2 · EPSS: 0.01535
Exploits: 0 · References: 13

Positive Technologies
added 2022/08/19 12:0 a.m. · 5 views

PT-2022-13252 · Chatwoot · Chatwoot

Name of the Vulnerable Software and Affected Versions: chatwoot/chatwoot versions prior to 2.7.0. Description: The issue is related to Cross-site Scripting (XSS) - DOM, which occurs when an application includes user input in its output without proper validation or escaping, allowing an attacker to...

CVSS: 8.8 · AI score: 6.7 · EPSS: 0.0076
Exploits: 1 · References: 9