Tag
high
advisory
ethyca-fides fides.js DOM-based XSS Vulnerability
2 rules 1 TTPA DOM-based XSS vulnerability (CVE-2026-44541) exists in ethyca-fides' fides.js script, allowing arbitrary JavaScript execution in the embedding site's origin via crafted links when HTML-formatted descriptions are enabled.
fides.js +1
xss
dom-xss
ghsa
ethyca-fides
2r
1t
high
advisory
locize Client SDK Cross-Origin DOM XSS and Handler Hijack Vulnerability
2 rules 1 TTPThe locize client SDK versions prior to 4.0.21 are vulnerable to cross-origin DOM XSS and handler hijack due to missing origin validation in the InContext Editor, allowing attackers to inject malicious code and exfiltrate data via crafted postMessage events.
locize client SDK
xss
dom-xss
postMessage
locize
javascript
2r
1t