4416 matches found
Algolia: [github.algolia.com] DOM Based XSS github-btn.html
Description === Vulnerable parameter: user Vulnerable script: https://github.algolia.com/github-btn.html Vulnerable code: js var params = function for var t, e = , o = window.location.href.slicewindow.location.href.indexOf"?" + 1.split"&", r = 0; r HTMLHTMLHTMLHTMLHTMLHTML&type=follow PoC 2 XSS f...
Ubiquiti Inc.: [nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html
Description === Vulnerable parameter: user Vulnerable script: http://nutty.ubnt.com/github-btn.html Vulnerable code: js var params = function var vars = , hash; var hashes = window.location.href.slicewindow.location.href.indexOf'?' + 1.split'&'; forvar i = 0; i HTMLHTMLHTMLHTMLHTMLHTML&type=follo...
CVE-2017-2929
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...
Cross site scripting
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...
CVE-2017-2929
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...
CVE-2017-2929
The CVE-2017-2929 entry concerns Adobe Acrobat extension for Chrome (version 15.1.0.3 and earlier). The connected sources confirm a DOM-based cross-site scripting vulnerability that can lead to JavaScript code execution in the context of the affected page due to improper input validation within t...
Slack: dom xss in https://www.slackatwork.com
https://www.slackatwork.com/wp-content/themes/twentyfifteen/genericons//example.html1...
Discourse: DOM Based XSS in Discourse Search
Steps to Reproduce: 1. Load http://try.discourse.org 2.Now From Top Right Corner Click on Search Button 3. Enter payload their Payload: @prompt1337gmail.com 4: Now in new windows that opens click on advance search and The XSS will Occur : 5: Now copy the link and send to victim there the XSS will...
Horos 2.1.0 Cross Site Scripting
Horos 2.1.0 Web Portal DOM Based XSS Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: HorosaC/ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X...
Horos 2.1.0 Web Portal DOM Based XSS
Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description Horos suffers from a DOM-based XSS vulnerabili...
OsiriX Web Portal 8.0.1 DOM Based XSS
Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...
Horos 2.1.0 Cross Site Scripting Vulnerability
Exploit for macOS platform in category dos / poc Horos 2.1.0 Web Portal DOM Based XSS Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: HorosaC/ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully...
U.S. Dept Of Defense: DOM Based XSS on an Army website
A U.S. Army website was vulnerable to a DOM based cross-site scripting attack which may be used to trick a web user into executing a malicious script, potentially revealing a user's browser cookies or modify web content. juliocesar was able to demonstrate this vulnerability by crafting a speciall...
Informatica: [kb.informatica.com] DOM based XSS in the bindBreadCrumb function
The bindBreadCrumb function, which is called after the document is loaded: javascript $document.readyfunction bindBreadCrumb; ; has the following insecure link assignments, that use non-encoded URL values: javascript strChild = "Search Results"; strChild = "Search Results"; strChild = "Search...
Starbucks: Dom Based Xss DIV.innerHTML parameters store.starbucks*
Hi! this subdomain store.starbucks vulnerable to dom based xss. you are using the vulnerable library jQuery.V1101 parameters location.hash DIV.innerHTML . Vulnerable all subdomains store.starbucks It works Chrome,and IE 11 the current version POC...
Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk
Update Cloud-based web host Wix.com is vulnerable to a DOM-based cross-site scripting vulnerability that can give attackers control over any of the millions of websites hosted on the platform. “Simply by adding a single parameter to any site created on Wix, the attacker can cause their JavaScript...
Rockstar Games: DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request
Hi, I have found a reflected XSS issue in http://www.rockstargames.com/newswire/tags which is , IMO , somekinda tricky. PoC: - URL: http://www.rockstargames.com/newswire/tags/?tags=%2e%2e%2e%2e%2e%2e\commentsdal\users\getGlobalLoginSettings%2ejson?callback=alert%2fxss%2f;%2f%2f - Vulnerable...
SecNews: DOM based XSS in search functionality
Overview === Search query is inserted into the HTML of the page without proper encoding. Specifically, a single-quote is not html-encoded albeit escaped, even twice, which allows the attacker to break out of the HTML attribute and inject arbitrary tags. html curl -s...
Open-Xchange: OX Guard: DOM Based Cross-Site Scripting (#2)
Summary OX Guard's "Guest Reader" is vulnerable to DOM Based XSS. While this report is closely related to 158853, it is not a duplicate. I've had a look at the code introduced by commit 7fdbd307662f0041ed5e45b2f73c6530b79c6124, which I believe was supposed to protect against 158853. Today's repor...
AlienVault USM/OSSIM 5.2 Cross Site Scripting
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: AlienVault USM/OSSIM Vendor URL: www.alienvault.com Type: Cross-Site Scripting CWE-79 Date found: 2016-05-24 Date published: 2016-08-23 CVSSv3 Score: 5.4...