5661 matches found

NVD
added 2021/08/04 7:15 p.m. | 19 views

CVE-2021-24014

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...

CVSS: 6.1 | EPSS: 0.00614
Exploits: 0 | References: 1

Cvelist
added 2021/08/04 6:11 p.m. | 19 views

CVE-2021-24014

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00614
Exploits: 0 | References: 1

Fortinet
added 2021/08/03 12:0 a.m. | 26 views

FortiSandbox - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00614
Exploits: 0 | Affected Software: 1

Prion
added 2021/07/21 3:15 p.m. | 15 views

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Stored Cross-site Scripting' vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all...

CVSS: 3.5 | AI score: 5.7 | EPSS: 0.00472
Exploits: 0 | References: 1 | Affected Software: 6

CVE
added 2021/06/09 1:45 p.m. | 66 views

CVE-2021-31832

CVE-2021-31832 affects McAfee Data Loss Prevention Endpoint (DLP) for Windows prior to version 11.6.200, due to improper neutralization of input in the ePO administrator extension’s alert configuration text field. The vulnerability allows a remote ePO DLP administrator to inject JavaScript into t...

CVSS: 5.2 | AI score: 5.2 | EPSS: 0.00503
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2021/06/03 11:15 a.m. | 15 views

CVE-2021-31830

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...

CVSS: 5.9 | EPSS: 0.00501
Exploits: 0 | References: 1

Prion
added 2021/06/03 11:15 a.m. | 22 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...

CVSS: 3.5 | AI score: 5 | EPSS: 0.00501
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/06/03 10:10 a.m. | 51 views

CVE-2021-31830

CVE-2021-31830 affects McAfee Database Security (DBSec) prior to 4.8.2. The issue is an XSS vulnerability caused by improper neutralization of input in the web page generation when an administrator configures the name of a database to monitor. Triggering condition: when any authorized user logs i...

CVSS: 5.9 | AI score: 5.2 | EPSS: 0.00501
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/04/15 1:54 p.m. | 142 views

CVE-2021-21087

Adobe ColdFusion is affected by CVE-2021-21087: an Improper Neutralization of Input During Web Page Generation (XSS) in CF2016 (before 2016u17), CF2018 (before 2018u11), and CF2021 (before 2021u1). The vulnerability allows an attacker to execute arbitrary JavaScript in the context of the current ...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.37095
In wild | Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2021/03/23 1:54 a.m. | 67 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form

Problem: It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. Solution: Update to TYPO3 versions 10.4.14 or 11.1.1 that fix the...

CVSS: 5.4 | AI score: 1.7 | EPSS: 0.00872
Exploits: 0 | References: 7 | Affected Software: 3

NVD
added 2021/03/05 9:15 a.m. | 12 views

CVE-2021-25313

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6...

CVSS: 7.1 | EPSS: 0.01498
Exploits: 0 | References: 3

Cvelist
added 2021/03/03 3:45 p.m. | 25 views

CVE-2020-15937

An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack XSS via the IPS and WAF logs dashboard...

CVSS: 4.7 | AI score: 6 | EPSS: 0.00802
Exploits: 0 | References: 1

ICS
added 2021/02/23 12:0 a.m. | 124 views

Advantech Spectre RT Industrial Routers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: Spectre RT Industrial Routers Vulnerabilities: Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.01484
Exploits: 0 | References: 5

Cvelist
added 2021/02/17 9:20 a.m. | 15 views

CVE-2021-23885 Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI

Privilege escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...

CVSS: 9 | AI score: 9.7 | EPSS: 0.01089
Exploits: 0 | References: 1

OSV
added 2021/02/11 3:15 p.m. | 3 views

CVE-2020-8031

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...

CVSS: 5.4 | AI score: 6.8
Exploits: 0 | References: 1

CVE
added 2021/02/11 3:10 p.m. | 55 views

CVE-2020-8031

CVE-2020-8031 affects Open Build Service, with versions prior to 2.10.8 vulnerable to a Cross-site Scripting issue where remote attackers can store JavaScript in markdown that is not properly escaped, impacting confidentiality and integrity. The vulnerability is tied to improper input neutralizat...

CVSS: 6.3 | AI score: 5.7 | EPSS: 0.00748
Exploits: 1 | References: 1 | Affected Software: 1

Debian CVE
added 2021/02/11 3:10 p.m. | 21 views

CVE-2020-8031

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...

CVSS: 6.3 | AI score: 6 | EPSS: 0.00748
Exploits: 1

NVD
added 2021/02/08 4:15 p.m. | 14 views

CVE-2021-22122

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...

CVSS: 6.1 | EPSS: 0.1052
Exploits: 0 | References: 1

Prion
added 2021/02/08 4:15 p.m. | 15 views

Cross site scripting

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...

CVSS: 4.3 | AI score: 6 | EPSS: 0.1052
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/02/08 3:55 p.m. | 74 views

CVE-2021-22122

Fortinet FortiWeb is affected by CVE-2021-22122 due to an improper neutralization of input during web page generation, enabling an unauthenticated, remote attacker to perform a reflected XSS attack. Affected products are FortiWeb GUI versions 6.3.0 through 6.3.7 and versions before 6.2.4. The vul...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.1052
In wild | Exploits: 0 | References: 1 | Affected Software: 1