cd80
/ gist:8e41a17bc0c2113f6347581cec726d11
Last active
February 14, 2024 07:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - CVE ID | |
| Not assigned yet | |
| - Name of affected product and versions | |
| https://github.com/web-platform-tests/wpt | |
| version <= commit 938e843 | |
| - Problem type | |
| Attacker can execute arbitrary javascript code in victim's browser by sending specifically crafted url that exploits DOM based XSS in /dom/ranges/Range-test-iframe.html. |
cd80
/ gist:44d2d0785af352bf41676b0f545faf89
Last active
February 14, 2024 07:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - CVE ID | |
| CVE-2024-24055 | |
| - Name of affected product and versions | |
| https://github.com/anuraghazra/Verly.js | |
| version <= v1.3.0 | |
| - Problem type | |
| Attacker can execute arbitrary javascript code in victim's browser by sending specifically crafted url that exploits DOM based XSS in /index.js. |
cd80
/ gist:89527424f733b2b82de876e02d163150
Last active
February 14, 2024 07:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - CVE ID | |
| Not assigned yet | |
| - Name of affected product and versions | |
| https://github.com/stewdio/beep.js | |
| version <= commit ef22ad7 | |
| - Problem type | |
| Attacker can execute arbitrary javascript code in victim's browser by sending specifically crafted url that exploits DOM based XSS in beep/Beep.Instrument.js. |
cd80
/ gist:87b41cf58ba04564d55f4a26152bf0a9
Last active
February 14, 2024 07:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - CVE ID | |
| Not assigned yet | |
| - Name of affected product and versions | |
| https://github.com/jstrieb/urlpages | |
| version <= commit 035b647 | |
| - Problem type | |
| Attacker can execute arbitrary javascript code in victim's browser by sending specifically crafted url that exploits DOM based XSS in /index.html. |
cd80
/ gist:32c8df129c0efe36cae27cd2fcc85fef
Last active
February 14, 2024 07:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - CVE ID | |
| CVE-2024-24052 | |
| - Name of affected product and versions | |
| https://github.com/clappr/clappr | |
| version <= 0.5.0 | |
| - Problem type | |
| Attacker can execute arbitrary javascript code in victim's browser by sending specifically crafted url that exploits DOM based XSS in /packages/player/public/index.html. |
cd80
/ gist:50463b0e62067ec861b7006cbf46b068
Last active
February 14, 2024 07:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - CVE ID | |
| Not assigned yet | |
| - Name of affected product and versions | |
| https://github.com/tabatkins/railroad-diagrams | |
| version <= commit ea9a123 | |
| - Problem type | |
| Attacker can execute arbitrary javascript code in victim's browser by sending specifically crafted url that exploits DOM based XSS in /generator.html. |
cd80
/ gist:5b7702ffbfc8531f30b56356a4a7f4dd
Last active
November 17, 2023 07:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - CVE ID | |
| CVE-2023-47417 | |
| - Name of affected product and versions | |
| github.com/paulrouget/dzslides | |
| All versions after 2011.07.25 | |
| - Problem type | |
| Attacker can execute arbitrary javascript code in victim's browser by sending specifically crafted url that exploits DOM based XSS in shells/embedder.html. |
cd80
/ gist:33ab71cc49c42feb55de3e574753320f
Last active
January 12, 2024 01:52
CesiumJS v1.111 DOM based XSS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - CVE ID | |
| CVE-2023-48094 | |
| - Name of affected product and versions | |
| https://github.com/CesiumGS/cesium | |
| version <= 1.111 | |
| - Problem type | |
| Attacker can execute arbitrary javascript code in victim's browser by sending specifically crafted url that exploits DOM based XSS in Apps/Sandcastle/standalone.html. |
cd80
/ gist:a75b618419d5afb137cd5a29e8156420
Created
November 7, 2023 09:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - CVE ID | |
| CVE-2023-46492 | |
| - Name of affected product and versions | |
| github.com/mldbai/mldb | |
| version <= 2017.04.17.0 | |
| - Problem type | |
| Attacker can execute arbitrary javascript code in victim's browser by sending specifically crafted url that exploits DOM based XSS in container_files/public_html/doc/index.html. |