3 matches found
Cross-site Scripting (XSS)
DOMPurify is vulnerable to cross-site scripting XSS. The vulnerability is due to the use of realm-specific instanceof checks when sanitizing DOM nodes from a different same-origin realm, which allows an attacker to bypass sanitization for form attributes, template content, and shadow DOM, leading...
GHSA-H3M5-97JQ-QJRF OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...
SUSE CVE-2004-0371
Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path...