19 matches found
EUVD-2021-27283
Malware in sbrugna...
EUVD-2022-47945
Malicious code in bioql PyPI...
GHSA-9Q4R-X2HJ-JMVR copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Summary An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. Details Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two way...
CVE-2025-53892 Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...
CVE-2025-50033
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Fitness Park fitness-park allows DOM-Based XSS.This issue affects Fitness Park: from n/a through = 1.1.1...
CVE-2025-47102
Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability...
CVE-2025-23890
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tom Ewer Easy Tweet Embed easy-tweet-embed allows DOM-Based XSS.This issue affects Easy Tweet Embed: from n/a through = 1.7...
CVE-2021-40094
A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device...
PT-2025-17796 · Unknown · Peadig'S Google +1 Button
Name of the Vulnerable Software and Affected Versions: Peadig’s Google +1 Button versions 0.1.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This can be exploited through the Peadig’s Google +1 Button...
CVE-2025-31419
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeix Churel allows DOM-Based XSS.This issue affects Churel: from n/a through 1.0.8...
CVE-2025-30786 WordPress Quotes llama plugin <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in oooorgle Quotes llama quotes-llama allows DOM-Based XSS.This issue affects Quotes llama: from n/a through = 3.1.0...
copyparty renders unsanitized filenames as HTML when user uploads empty files
Summary A DOM-Based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the...
CVE-2020-6847
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript...
PT-2024-21387 · Tabatkins · Railroad-Diagrams
Name of the Vulnerable Software and Affected Versions: tabatkins/railroad-diagrams versions before commit ea9a123 Description: A DOM based cross-site scripting XSS vulnerability in the component generator.html of tabatkins/railroad-diagrams allows attackers to execute arbitrary Javascript via...
CVE-2023-48591
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48609 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2021-21576
Dell EMC iDRAC9 is affected by a DOM-based cross-site scripting (XSS) vulnerability in versions prior to 4.40.40.00. The issue enables an attacker to cause client-side code execution by persuading a user to click a specially crafted link, with user interaction required. The CVSS details indicate ...
Cross site scripting
In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...
Social Book Facebook Clone Script Cross Site Scripting
Exploit Title: Social Book Facebook Clone Script Reflected XSS Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE XSS can be done using the command input Vulnerable Page: signup.php lostpass.php login.php...