5661 matches found
CVE-2020-15940
FortiClientEMS (versions <= 6.4.1 and
FortiAnalyzer - XSS vulnerability
An improper neutralization of input during web page generation (CWE-79) in FortiAnalyzer may allow an attacker to perform a stored Cross Site Scripting (XSS) attack via specifically crafted requests to the web GUI...
Grav cross-site scripting vulnerability
Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms, and one-page product presentations. A cross-site scripting vulnerability exists in Grav, which stems from incorrect neutralization of input ("cross-site scripting")...
Cross-site Scripting in snipe-it
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross site scripting
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-29679
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915...
IBM Cognos Analytics code injection vulnerability
A remote code execution vulnerability exists in IBM Cognos Analytics versions 11.1.7 and 11.2.0. IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation that provides valuable information, secure data governance, and reporting. The vulnerability stems from incorrect neutralization of...
CVE-2021-36175
An improper neutralization of input vulnerability (CWE-79) in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device...
CVE-2021-24021
An improper neutralization of input vulnerability (CWE-79) in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the...
CVE-2021-24021
Fortinet FortiAnalyzer contains an input handling flaw (CWE-79) that enables a stored XSS via the Logview column settings. A remote authenticated attacker who can obtain the relevant POST request could trigger the vulnerability. Affected versions are 6.4.3 and below, 6.2.7 and below, and 6.0.10 a...
btcpay server cross-site scripting vulnerability
btcpay server is a free and open source bitcoin payment processor that allows you to accept bitcoins without fees or intermediaries. A cross-site scripting vulnerability exists in btcpay server. The vulnerability stems from the susceptibility to incorrect input neutralization "cross-site scriptin...
CVE-2021-36823
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin WordPress plugin allows Stored XSS. This issue affects AGCA - Absolutely Glamorous Custom Admin WordPress plugin: from n/a through 6.8...
GHSA-CPQ8-X35G-M439 Cross-site Scripting in yourls
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in arbitrary path handling...
CVE-2021-3812
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Pi-Hole Adminlte cross-site scripting vulnerability
Pi-Hole Adminlte is a Pi-Hole control panel. It is used for statistical... Pi-Hole adminlte suffers from a cross-site scripting vulnerability that stems from incorrect neutralization of input during web page generation ("cross-site scripting")...
CVE-2021-3780
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
btcpay server cross-site scripting vulnerability
btcpay server is a free and open source bitcoin payment processor that allows you to accept bitcoins without fees or intermediaries. The btcpay server suffers from a cross-site scripting vulnerability that arises from the vulnerability to incorrect neutralization of input during web page generati...
CVE-2021-32597
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious paylo...
CVE-2021-32597
CVE-2021-32597 concerns a cross-site scripting (XSS) vulnerability in Fortinet’s FortiManager and FortiAnalyzer. The connected sources identify a vulnerability in the user interface that can allow a remote authenticated attacker to perform a Stored XSS by injecting a malicious payload into GET pa...
CVE-2021-24014
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...