Category: window.location.hash

DOM XSS, location.hash, Stored XSS, Same Origin Policy, CoTS Scanners

Dear – Your CSP doesn’t report Stored XSS, its inside SOP. You append my location.hash to your Document and Save the URL in Dash. #DOMXSS TL;DR DOM XSS testing via location.hash is hard to Automate; Get a Bug Bounty or Publish a CVD XSS – Cross Site Scripting 101 DOM XSS begins at window.location.hash ‘#’ […]

CVE-2014-4406, APPLE-SA-2014-09-17-5 OS X Server 3.2.1, DOM XSS, window.location.hash

CVE-2014-4406, APPLE-SA-2014-09-17-5 OS X Server 3.2.1, DOM XSS, window.location.hash Keywords Cross-Site Scripting (XSS), Document Object Model (DOM), window.location.hash, User Agent Exploitation, Proof of Concept (PoC), CVE-2014-4406, APPLE-SA-2014-09-17-5 OS X Server 3.2.1, XCode Server, CVE-2013-1034, SVG, toString, innerHTML CVE-2014-4406 Summary Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 […]