5661 matches found
CVE-2021-24014
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...
CVE-2021-24014
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...
FortiSandbox - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Stored Cross-site Scripting' vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all...
CVE-2021-31832
CVE-2021-31832 affects McAfee Data Loss Prevention Endpoint (DLP) for Windows prior to version 11.6.200, due to improper neutralization of input in the ePO administrator extension’s alert configuration text field. The vulnerability allows a remote ePO DLP administrator to inject JavaScript into t...
CVE-2021-31830
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...
CVE-2021-31830
CVE-2021-31830 affects McAfee Database Security (DBSec) prior to 4.8.2. The issue is an XSS vulnerability caused by improper neutralization of input in the web page generation when an administrator configures the name of a database to monitor. Triggering condition: when any authorized user logs i...
CVE-2021-21087
Adobe ColdFusion is affected by CVE-2021-21087: an Improper Neutralization of Input During Web Page Generation (XSS) in CF2016 (before 2016u17), CF2018 (before 2018u11), and CF2021 (before 2021u1). The vulnerability allows an attacker to execute arbitrary JavaScript in the context of the current ...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Problem It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. Solution Update to TYPO3 versions 10.4.14 or 11.1.1 that fix the...
CVE-2021-25313
A Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6...
CVE-2020-15937
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack XSS via the IPS and WAF logs dashboard...
Advantech Spectre RT Industrial Routers
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: Spectre RT Industrial Routers Vulnerabilities: Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper...
CVE-2021-23885 Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI
Privilege escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...
CVE-2020-8031
A Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...
CVE-2020-8031
CVE-2020-8031 affects Open Build Service, with versions prior to 2.10.8 vulnerable to a Cross-site Scripting issue where remote attackers can store JavaScript in markdown that is not properly escaped, impacting confidentiality and integrity. The vulnerability is tied to improper input neutralizat...
CVE-2020-8031
A Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...
CVE-2021-22122
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...
Cross site scripting
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...
CVE-2021-22122
Fortinet FortiWeb is affected by CVE-2021-22122 due to an improper neutralization of input during web page generation, enabling an unauthenticated, remote attacker to perform a reflected XSS attack. Affected products are FortiWeb GUI versions 6.3.0 through 6.3.7 and versions before 6.2.4. The vul...