Cross-site Scripting (XSS) - DOM in mrdoob/three.js

Description DOM-based XSS is a vulnerability in which the attacker can inject arbitrary javascript code in any DOM sink that supports dynamic code execution. In our case, source is window.location.hash and sink is iframe.src Proof of Concept 1 Visit...

Cross-Site Scripting (XSS)

mayan-edms is vulnerable to cross-site scripting XSS attacks. The window.location.hash value is passed directly to window.location which allows an attacker to execute arbitrary JavaScript code on a victim's browser...