CVE-2025-48051

powertip.ts in Lila for Lichess before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML...

CVE-2025-48051

powertip.ts in Lila for Lichess before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML...

CVE-2025-48051

powertip.ts in Lila for Lichess before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML...

JS Html Sanitizer allows XSS when used with contentEditable

Impact XSS vulnerability when the sanitizer is used with a contentEditable element to set the elements innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the code beautifier, that runs AFTER sanitation. Patches Patched in version 2.0.3...

Red Hat Advanced Cluster Management 跨站脚本漏洞

Red Hat Advanced Cluster Management is a console cluster control software from Red Hat, Inc. A cross-site scripting vulnerability exists in Red Hat Advanced Cluster Management, which stems from the fact that when a table view is rendered in a portal, the front-end generates a DOM table element an...

gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

GHSA-RH4R-F7F7-R99M gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

GHSA-WV8X-3W6R-6H7V gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

CVE-2024-29193

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

CVE-2024-29193 GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

CVE-2024-29193

CVE-2024-29193 affects gotortc (go2rtc) where DOM-based XSS arises from lack of input sanitization when rendering API data on index.html via innerHTML. Affected versions: 1.8.5 and prior. The index page fetches streams client-side, iterates with Object.entries, and appends the first item with inn...

CVE-2024-29193 GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

PT-2024-22795 · Gotortc · Gotortc

Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: The issue is related to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being append...

CVE-2024-29154

danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText...

CVE-2024-29154

danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText...

CVE-2024-29154

danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText...

CVE-2024-29154

danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText...