1275 matches found

RedHat Linux
added 2025/02/17 12:12 p.m. · 2 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 · AI score 6.6 · EPSS 0.8383
Exploits: 6 · References: 6

RedHat Linux
added 2025/02/12 5:37 a.m. · 2 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 · AI score 6.6 · EPSS 0.8383
Exploits: 6 · References: 6

RedHat Linux
added 2025/02/12 12:40 a.m. · 3 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 · AI score 6.6 · EPSS 0.8383
Exploits: 6 · References: 6

RedHat Linux
added 2025/02/10 3:46 p.m. · 4 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 · AI score 6.6 · EPSS 0.8383
Exploits: 6 · References: 6

OSV
added 2025/01/24 6:15 p.m. · 1 view

CVE-2025-24578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0...

CVSS 5.4 · AI score 7.3 · EPSS 0.00345
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/24 12:00 a.m. · 2 views

PT-2025-5414 · Pagelayer · Pagelayer

Name of the Vulnerable Software and Affected Versions: PageLayer versions 1.9.4 and earlier
Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into...

CVSS 6.5 · AI score 5.9 · EPSS 0.0034
Exploits: 0 · References: 3

ATTACKERKB
added 2025/01/16 8:15 p.m. · 2 views

CVE-2025-23642

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pflonk Sidebar-Content from Shortcode sidebar-content-from-shortcode allows DOM-Based XSS. This issue affects Sidebar-Content from Shortcode: from n/a through <= 2.0...

AI score 7.2 · EPSS 0.00334
Exploits: 0 · References: 3

ATTACKERKB
added 2025/01/16 8:15 p.m. · 2 views

CVE-2025-23641

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PowieT Powie's pLinks PagePeeker plinks allows DOM-Based XSS. This issue affects Powie's pLinks PagePeeker: from n/a through <= 1.0.2...

CVSS 6.5 · AI score 7.2 · EPSS 0.00334
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/16 12:00 a.m. · 2 views

PT-2025-5175 · Unknown · Progress Tracker

Name of the Vulnerable Software and Affected Versions: Progress Tracker versions 0.9.3 and earlier
Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means that an attacker could potentially inject malicious scrip...

CVSS 6.5 · AI score 9.3 · EPSS 0.00357
Exploits: 0 · References: 3

OSV
added 2025/01/14 6:15 p.m. · 1 view

CVE-2025-21288

Windows COM Server Information Disclosure Vulnerability...

CVSS 6.5 · AI score 7.3 · EPSS 0.00693
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/14 12:00 a.m. · 2 views

PT-2025-4194 · Microsoft · Com +1

Name of the Vulnerable Software and Affected Versions: Microsoft COM for Windows, affected versions not specified
Description: An elevation-of-privilege issue affects the system, allowing attackers to elevate their privileges.
Recommendations: At the moment, there is no information about a newer...

CVSS 7.8 · AI score 9.4 · EPSS 0.00593
Exploits: 0 · References: 7

CNNVD
added 2025/01/14 12:00 a.m. · 2 views

Microsoft Windows COM security vulnerability

Microsoft Windows COM is a technology for the purpose of reusing software from Microsoft Corporation USA. COM is described as a platform-independent, decentralized, object-oriented system for creating interactive binary software components. A security vulnerability exists in Microsoft Windows COM...

CVSS 6.5 · AI score 8.6 · EPSS 0.00693
Exploits: 0 · References: 2

BDU FSTEC
added 2024/12/19 12:00 a.m. · 2 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 5.5 · AI score 5.9 · EPSS 0.00877
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2024/12/19 12:00 a.m. · 2 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 5.5 · AI score 5.9 · EPSS 0.00877
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2024/12/18 12:00 a.m. · 4 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 5.5 · AI score 5.9 · EPSS 0.00624
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2024/12/18 12:00 a.m. · 3 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 5.5 · AI score 5.9 · EPSS 0.00624
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2024/12/18 12:00 a.m. · 3 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 5.5 · AI score 5.9 · EPSS 0.00624
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/12/13 12:00 a.m. · 3 views

PT-2024-36231 · Skt Themes · Skt Themes Barter

Name of the Vulnerable Software and Affected Versions: SKT Themes Barter versions 1.6 and below
Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability, specifically DOM-Based XSS. This problem occur...

CVSS 6.5 · AI score 8.8 · EPSS 0.00305
Exploits: 0 · References: 5

OSV
added 2024/12/10 10:15 p.m. · 1 view

CVE-2024-52844

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

CVSS 5.4 · AI score 6 · EPSS 0.00877
Exploits: 0 · References: 1

OSV
added 2024/12/10 10:15 p.m. · 2 views

CVE-2024-52823

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

CVSS 5.4 · AI score 6 · EPSS 0.00877
Exploits: 0 · References: 1