1275 matches found
CVE-2025-8319
The BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...
SUSE-SU-2025:02366-1 Security update for docker
This update for docker fixes the following issues: Update to Docker 28.2.2-ce bsc1243833, bsc1242114: - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed in the wrong scope during DOM construction bsc1241830. Other bugfixes: - Always clear SUSEConnect sus...
CVE-2025-46959
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the shortdesc property, which is inserted into the DOM as raw HTML without proper escaping. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious content...
OESA-2025-1701 libxml2 security update
This library allows manipulating XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
Astra Linux – Vulnerability in PHP 8.2
In PHP versions 8.1.* up to 8.1.32, 8.2.* up to 8.2.28, 8.3.* up to 8.3.19, and 8.4.* up to 8.4.5, when requesting an HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may result in...
CVE-2025-47049
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue...
CLSA-2025-1749505823 gcc: Fix of CVE-2020-11023
CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code...
Razer Synapse 4 Security Vulnerability
Razer Synapse 4 is a cloud-based unified hardware configuration tool from the American company Razer, Inc. A security vulnerability exists in Razer Synapse 4 4.0.86.2502180127 and prior versions, which stems from a COM interface vulnerability that could lead to local elevation of...
HCL Traveler Code Issue Vulnerability
HCL Traveler is software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler for Microsoft Outlook that stems from susceptibility to COM hijacking attac...
CVE-2024-49232
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in derethor El mejor Cluster (mejorcluster) allows DOM-Based XSS. This issue affects El mejor Cluster: from n/a through <= 1.1.15...
CVE-2023-26446
The user's clientID at "application passwords" was not sanitized or escaped before being added to the DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...
CVE-2023-31138
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2021-26587
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software...
CVE-2020-1311
An elevation of privilege vulnerability exists when a Component Object Model (COM) client uses special case IIDs, aka 'Component Object Model Elevation of Privilege Vulnerability'...
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
VMware Aria Automation Security Vulnerability
VMware Aria Automation is a modern workflow automation platform from VMware that simplifies and automates complex data center infrastructure tasks to improve scalability and agility. A security vulnerability exists in VMware Aria Automation that stems from DOM-based cross-site scripting and...
AZL-61750 CVE-2025-22872 affecting package yq 4.45.1-1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60450 CVE-2025-22872 affecting package keda for versions less than 2.14.1-7
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...