1274 matches found
USN-5245-1: Apache Maven vulnerability
It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model (pom) even if the repositories weren't encrypted (http protocol). An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service...
CVE-2017-20117
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclos...
titra cross-site scripting vulnerability
titra is a modern open source time tracking project for freelancers and small teams. A cross-site scripting vulnerability exists in versions prior to titra 0.77.0, which stems from DOM stored cross-site scripting (XSS)...
CVE-2022-1430
Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0...
PYSEC-2022-200
Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0...
GHSA-8X8P-MFWV-9FJW Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM...
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...
CVE-2022-25349
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...
Cross site scripting
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...
CVE-2022-25349 Cross-site Scripting (XSS)
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...
CVE-2022-25349
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...
The vulnerability of the XML DOM implementation lies in the lack of mechanisms for encoding or escaping output data, allowing attackers to compromise the integrity of the data.
The vulnerability of the XML DOM implementation is related to improper filtering of special characters. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
CVE-2022-0776
Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0...
CVE-2022-23647
A Cross-site scripting attack was found in Prism. The command-line plugin did not properly escape its output. This issue leads to the input text being inserted into the Document Object Model (DOM) as HTML code, which can be exploited by an attacker...
CVE-2022-0437
Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14...
Cross-site Scripting (XSS)
Overview: materialize-css is a CSS Framework based on Material Design. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). Thi...
Vulnerability of software programs with DOM functions to bypass CAPTCHA; ReCaptcha solvers that allow hackers to gain full control over the browser.
The vulnerability of DOM-based software for bypassing CAPTCHA systems is related to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a hacker to gain full control over the browser...
Vulnerability of the Microsoft COM component in the Windows operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Microsoft COM component in the Windows operating system is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2021-42275
Microsoft COM for Windows Remote Code Execution Vulnerability...
json-c security and bug fix update
An update is available for json-c. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. JSON-C implements a reference counting object model that allows users to easil...