Lucene search
+L

4416 matches found

Hacker One
Hacker One
added 2017/01/24 3:45 p.m.29 views

Algolia: [github.algolia.com] DOM Based XSS github-btn.html

Description === Vulnerable parameter: user Vulnerable script: https://github.algolia.com/github-btn.html Vulnerable code: js var params = function for var t, e = , o = window.location.href.slicewindow.location.href.indexOf"?" + 1.split"&", r = 0; r HTMLHTMLHTMLHTMLHTMLHTML&type=follow PoC 2 XSS f...

7.5AI score
Exploits0
Hacker One
Hacker One
added 2017/01/24 12:14 p.m.32 views

Ubiquiti Inc.: [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html

Description === Vulnerable parameter: user Vulnerable script: http://nutty.ubnt.com/github-btn.html Vulnerable code: js var params = function var vars = , hash; var hashes = window.location.href.slicewindow.location.href.indexOf'?' + 1.split'&'; forvar i = 0; i HTMLHTMLHTMLHTMLHTMLHTML&type=follo...

7.5AI score
Exploits0
OSV
OSV
added 2017/01/24 7:59 a.m.3 views

CVE-2017-2929

Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...

6.1CVSS5.8AI score0.04043EPSS
Exploits0References3
Prion
Prion
added 2017/01/24 7:59 a.m.17 views

Cross site scripting

Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...

4.3CVSS5.9AI score0.04043EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/01/24 7:40 a.m.23 views

CVE-2017-2929

Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...

6AI score0.04043EPSS
Exploits0References3
CVE
CVE
added 2017/01/24 7:40 a.m.59 views

CVE-2017-2929

The CVE-2017-2929 entry concerns Adobe Acrobat extension for Chrome (version 15.1.0.3 and earlier). The connected sources confirm a DOM-based cross-site scripting vulnerability that can lead to JavaScript code execution in the context of the affected page due to improper input validation within t...

6.1CVSS5.9AI score0.04043EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2017/01/07 9:35 p.m.16 views

Slack: dom xss in https://www.slackatwork.com

https://www.slackatwork.com/wp-content/themes/twentyfifteen/genericons//example.html1...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2016/12/17 7:29 a.m.22 views

Discourse: DOM Based XSS in Discourse Search

Steps to Reproduce: 1. Load http://try.discourse.org 2.Now From Top Right Corner Click on Search Button 3. Enter payload their Payload: @prompt1337gmail.com 4: Now in new windows that opens click on advance search and The XSS will Occur : 5: Now copy the link and send to victim there the XSS will...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/12/16 12:0 a.m.65 views

Horos 2.1.0 Cross Site Scripting

Horos 2.1.0 Web Portal DOM Based XSS Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: HorosaC/ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.101 views

Horos 2.1.0 Web Portal DOM Based XSS

Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description Horos suffers from a DOM-based XSS vulnerabili...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.108 views

OsiriX Web Portal 8.0.1 DOM Based XSS

Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...

6.1AI score
Exploits0
0day.today
0day.today
added 2016/12/16 12:0 a.m.52 views

Horos 2.1.0 Cross Site Scripting Vulnerability

Exploit for macOS platform in category dos / poc Horos 2.1.0 Web Portal DOM Based XSS Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: HorosaC/ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/12/15 12:56 p.m.34 views

U.S. Dept Of Defense: DOM Based XSS on an Army website

A U.S. Army website was vulnerable to a DOM based cross-site scripting attack which may be used to trick a web user into executing a malicious script, potentially revealing a user's browser cookies or modify web content. juliocesar was able to demonstrate this vulnerability by crafting a speciall...

1.5AI score
Exploits0
Hacker One
Hacker One
added 2016/12/09 1:44 p.m.17 views

Informatica: [kb.informatica.com] DOM based XSS in the bindBreadCrumb function

The bindBreadCrumb function, which is called after the document is loaded: javascript $document.readyfunction bindBreadCrumb; ; has the following insecure link assignments, that use non-encoded URL values: javascript strChild = "Search Results"; strChild = "Search Results"; strChild = "Search...

Exploits0
Hacker One
Hacker One
added 2016/12/04 10:44 a.m.30 views

Starbucks: Dom Based Xss DIV.innerHTML parameters store.starbucks*

Hi! this subdomain store.starbucks vulnerable to dom based xss. you are using the vulnerable library jQuery.V1101 parameters location.hash DIV.innerHTML . Vulnerable all subdomains store.starbucks It works Chrome,and IE 11 the current version POC...

0.7AI score
Exploits0
ThreatPost
ThreatPost
added 2016/11/02 5:36 p.m.13 views

Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk

Update Cloud-based web host Wix.com is vulnerable to a DOM-based cross-site scripting vulnerability that can give attackers control over any of the millions of websites hosted on the platform. “Simply by adding a single parameter to any site created on Wix, the attacker can cause their JavaScript...

5.9AI score
Exploits0References3
Hacker One
Hacker One
added 2016/09/29 8:28 a.m.40 views

Rockstar Games: DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request

Hi, I have found a reflected XSS issue in http://www.rockstargames.com/newswire/tags which is , IMO , somekinda tricky. PoC: - URL: http://www.rockstargames.com/newswire/tags/?tags=%2e%2e%2e%2e%2e%2e\commentsdal\users\getGlobalLoginSettings%2ejson?callback=alert%2fxss%2f;%2f%2f - Vulnerable...

6.4AI score
Exploits0
Hacker One
Hacker One
added 2016/09/13 10:48 p.m.40 views

SecNews: DOM based XSS in search functionality

Overview === Search query is inserted into the HTML of the page without proper encoding. Specifically, a single-quote is not html-encoded albeit escaped, even twice, which allows the attacker to break out of the HTML attribute and inject arbitrary tags. html curl -s...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2016/08/31 7:8 p.m.33 views

Open-Xchange: OX Guard: DOM Based Cross-Site Scripting (#2)

Summary OX Guard's "Guest Reader" is vulnerable to DOM Based XSS. While this report is closely related to 158853, it is not a duplicate. I've had a look at the code introduced by commit 7fdbd307662f0041ed5e45b2f73c6530b79c6124, which I believe was supposed to protect against 158853. Today's repor...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2016/08/24 12:0 a.m.61 views

AlienVault USM/OSSIM 5.2 Cross Site Scripting

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: AlienVault USM/OSSIM Vendor URL: www.alienvault.com Type: Cross-Site Scripting CWE-79 Date found: 2016-05-24 Date published: 2016-08-23 CVSSv3 Score: 5.4...

3.5CVSS0.1AI score0.0092EPSS
Exploits3
Rows per page
Query Builder