CVE-2024-52823

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

CVE-2024-43738

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web...

CVE-2024-43720

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, an attacker can...

CVE-2024-43721

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

CVE-2024-43715

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

CVE-2024-43712

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a user-controllable source is improperly sanitize...

PT-2024-9939 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: A DOM-based Cross-Site Scripting XSS issue affects Adobe Experience Manager, allowing an attacker to execute arbitrary code in the context of the victim's browser session. This...

CVE-2024-53823

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14...

PT-2024-35885 · Praca.Pl Sp. Z O.O. · Praca.Pl

Name of the Vulnerable Software and Affected Versions: Praca.Pl sp. Z o.O. Znajdź Pracę z Praca.Pl versions n/a through 2.2.3 Description: The issue affects Praca.Pl sp. Z o.O. Znajdź Pracę z Praca.Pl, allowing DOM-Based XSS due to improper neutralization of input during web page generation. This...

DEBIAN-CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

PT-2024-34970 · Unknown · Sazzad Hu Image Carousel Shortcode

Name of the Vulnerable Software and Affected Versions: Sazzad Hu Image Carousel Shortcode versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that the...

PT-2024-35040 · Unknown · Gonzalo Geraldo Adventure Bucket List

Name of the Vulnerable Software and Affected Versions: Gonzalo Geraldo Adventure Bucket List versions 1.0.0 through 1.0.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS, which can ...

PT-2024-34333 · Sided · Sided

Name of the Vulnerable Software and Affected Versions: Sided versions n/a through 1.4.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potential attackers to inject maliciou...

PT-2024-34323 · Auburnforest · Datamentor

Name of the Vulnerable Software and Affected Versions: Auburnforest DataMentor versions n/a through 1.7 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This means that an attacke...

PT-2024-35064 · Azonbox · Azonbox

Name of the Vulnerable Software and Affected Versions: AzonBox versions 1.1.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into t...

PT-2024-35050 · Freshlight · Freshlight Lab Pay With Stripe

Name of the Vulnerable Software and Affected Versions: Freshlight Lab Pay With Stripe versions 1.2.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that an attacke...

PT-2024-35003 · Unknown · Matorel Multi-Day Booking Calendar

Name of the Vulnerable Software and Affected Versions: matorel Multi-day Booking Calendar versions n/a through 1.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an...

PT-2024-35189 · Unknown · Aa Audio Player

Name of the Vulnerable Software and Affected Versions: AA Audio Player versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. Specifically, it is a DOM-Based XSS vulnerability. This means...

Calibre-Web 跨站脚本漏洞

Calibre-Web is a web application for browsing, reading, and downloading eBooks from the Calibre database by Jan B, an individual developer. Calibre-Web suffers from a cross-site scripting vulnerability that originates from inserting user input directly into the DOM without proper cleanup. An...

CVE-2024-52353

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects allows DOM-Based XSS.This issue affects Christian Science Bible Lesson Subjects: from n/a through 2.0...