5661 matches found

CVE
added 2021/11/02 5:49 p.m., 55 views

CVE-2020-15940

FortiClientEMS (versions <= 6.4.1 and

CVSS 5.4, AI score 5.2, EPSS 0.00711
Exploits: 0, References: 1, Affected Software: 1

Fortinet
added 2021/11/02 12:0 a.m., 30 views

FortiAnalyzer - XSS vulnerability

An improper neutralization of input during web page generation (CWE-79) in FortiAnalyzer may allow an attacker to perform a stored Cross Site Scripting (XSS) attack via specifically crafted requests to the web GUI...

CVSS 3.5, AI score 5.2, EPSS 0.00451
Exploits: 0, Affected Software: 1

CNNVD
added 2021/10/27 12:0 a.m., 3 views

Grav cross-site scripting vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms, and one-page product presentations. A cross-site scripting vulnerability exists in Grav, which stems from incorrect neutralization of input ("cross-site scripting")...

CVSS 6.3, AI score 5.9, EPSS 0.00573
Exploits: 1, References: 4

Github Security Blog
added 2021/10/21 5:49 p.m., 46 views

Cross-site Scripting in snipe-it

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

CVSS 6.1, AI score 6.2, EPSS 0.00764
Exploits: 1, References: 5, Affected Software: 1

Prion
added 2021/10/19 1:15 p.m., 16 views

Cross site scripting

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

CVSS 4.3, AI score 6.2, EPSS 0.00764
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2021/10/15 4:15 p.m., 3 views

CVE-2021-29679

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915...

CVSS 8.8, AI score 5.7, EPSS 0.01936
Exploits: 0, References: 3

CNNVD
added 2021/10/15 12:0 a.m., 4 views

IBM Cognos Analytics code injection vulnerability

A remote code execution vulnerability exists in IBM Cognos Analytics versions 11.1.7 and 11.2.0, a suite of business intelligence software from IBM Corporation that provides valuable information, secure data governance, and reporting. The vulnerability stems from incorrect neutralization of...

CVSS 8.8, AI score 6.6, EPSS 0.01936
Exploits: 0, References: 3

NVD
added 2021/10/06 10:15 a.m., 14 views

CVE-2021-36175

An improper neutralization of input vulnerability (CWE-79) in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device...

CVSS 5.4, EPSS 0.0058
Exploits: 0, References: 1

Cvelist
added 2021/10/06 9:45 a.m., 18 views

CVE-2021-24021

An improper neutralization of input vulnerability (CWE-79) in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the...

CVSS 4.3, AI score 5.2, EPSS 0.00641
Exploits: 0, References: 1

CVE
added 2021/10/06 9:45 a.m., 56 views

CVE-2021-24021

Fortinet FortiAnalyzer contains an input handling flaw (CWE-79) that enables a stored XSS via the Logview column settings. A remote authenticated attacker who can obtain the relevant POST request could trigger the vulnerability. Affected versions are 6.4.3 and below, 6.2.7 and below, and 6.0.10 a...

CVSS 5.4, AI score 4.9, EPSS 0.00641
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2021/09/26 12:0 a.m., 3 views

btcpay server cross-site scripting vulnerability

btcpay server is a free and open source bitcoin payment processor that allows you to accept bitcoins without fees or intermediaries. A cross-site scripting vulnerability exists in btcpay server. The vulnerability stems from the susceptibility to incorrect input neutralization "cross-site scriptin...

CVSS 5.4, AI score 4.8, EPSS 0.00542
Exploits: 1, References: 3

NVD
added 2021/09/23 5:15 p.m., 11 views

CVE-2021-36823

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin WordPress plugin allows Stored XSS. This issue affects AGCA - Absolutely Glamorous Custom Admin WordPress plugin: from n/a through 6.8...

CVSS 8.2, EPSS 0.00717
Exploits: 0, References: 1

OSV
added 2021/09/20 8:43 p.m., 18 views

GHSA-CPQ8-X35G-M439 Cross-site Scripting in yourls

yourls is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in arbitrary path handling...

CVSS 6.6, AI score 6.2, EPSS 0.00673
Exploits: 0, References: 4

ATTACKERKB
added 2021/09/17 7:15 a.m., 2 views

CVE-2021-3812

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

CVSS 6.7, AI score 6.7, EPSS 0.00532
Exploits: 1, References: 3

CNNVD
added 2021/09/17 12:0 a.m., 3 views

Pi-Hole Adminlte cross-site scripting vulnerability

Pi-Hole Adminlte is a Pi-Hole control panel. It is used for statistical... Pi-Hole adminlte suffers from a cross-site scripting vulnerability that stems from incorrect neutralization of input during web page generation ("cross-site scripting")...

CVSS 6.7, AI score 6.5, EPSS 0.00532
Exploits: 1, References: 3

NVD
added 2021/09/15 12:15 p.m., 9 views

CVE-2021-3780

peertube is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

CVSS 7.6, EPSS 0.0087
Exploits: 1, References: 2

CNNVD
added 2021/09/10 12:0 a.m., 2 views

btcpay server cross-site scripting vulnerability

btcpay server is a free and open source bitcoin payment processor that allows you to accept bitcoins without fees or intermediaries. The btcpay server suffers from a cross-site scripting vulnerability that arises from the vulnerability to incorrect neutralization of input during web page generati...

CVSS 6.1, AI score 5.1, EPSS 0.00746
Exploits: 1, References: 3

NVD
added 2021/08/06 11:15 a.m., 19 views

CVE-2021-32597

Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious paylo...

CVSS 5.4, EPSS 0.00599
Exploits: 0, References: 1

CVE
added 2021/08/06 10:48 a.m., 54 views

CVE-2021-32597

CVE-2021-32597 concerns a cross-site scripting (XSS) vulnerability in Fortinet’s FortiManager and FortiAnalyzer. The connected sources identify a vulnerability in the user interface that can allow a remote authenticated attacker to perform a Stored XSS by injecting a malicious payload into GET pa...

CVSS 5.4, AI score 5, EPSS 0.00599
Exploits: 0, References: 1, Affected Software: 2

OSV
added 2021/08/04 7:15 p.m., 4 views

CVE-2021-24014

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...

CVSS 6.1, AI score 5.8, EPSS 0.00614
Exploits: 0, References: 1