Lucene search
K

5661 matches found

OSV
OSV
added 2020/03/13 4:15 p.m.4 views

CVE-2019-6699

An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting XSS via a field in the traffic group interface...

5.4CVSS6.1AI score0.00545EPSS
Exploits0References1
NVD
NVD
added 2020/03/12 10:15 p.m.11 views

CVE-2020-6643

An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack XSS...

5.4CVSS5.1AI score0.0084EPSS
Exploits0References1
OSV
OSV
added 2020/03/12 10:15 p.m.2 views

CVE-2020-6643

An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack XSS...

5.4CVSS5.3AI score0.0084EPSS
Exploits0References1
OSV
OSV
added 2020/01/28 7:15 p.m.2 views

CVE-2019-4635

IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011...

2.7CVSS6.1AI score0.00937EPSS
Exploits0References2
Prion
Prion
added 2020/01/28 7:15 p.m.11 views

Command injection

IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011...

4CVSS5.2AI score0.00937EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/01/28 1:15 a.m.21 views

CVE-2019-17651

An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack XSS by injecting malicious JavaScript code into...

5.4CVSS5.2AI score0.00622EPSS
Exploits0References1
Prion
Prion
added 2020/01/07 7:15 p.m.17 views

Cross site scripting

An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack XSS via a parameter of the logon page...

4.3CVSS6AI score0.00698EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2020/01/07 6:22 p.m.13 views

CVE-2019-16154

An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack XSS via a parameter of the logon page...

6AI score0.00698EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/01/07 6:22 p.m.22 views

CVE-2019-16154

An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack XSS via a parameter of the logon page...

6AI score0.00698EPSS
Exploits0References1
Prion
Prion
added 2020/01/03 10:15 p.m.20 views

Cross site scripting

: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling Syst...

4.3CVSS6.2AI score0.00841EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/01/03 10:15 p.m.12 views

Cross site scripting

: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions...

4.3CVSS6.2AI score0.00841EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/03 9:55 p.m.25 views

CVE-2019-9542 Telos Automated Message Handling System reflected XSS in itemlookup.asp

: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System...

6.2AI score0.00841EPSS
Exploits0References1
OSV
OSV
added 2019/11/27 2:15 p.m.2 views

CVE-2019-13934

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions 19.2...

5.4CVSS6.1AI score0.00521EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.18 views

Rockwellautomation Micrologix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. File data ot500043.nasl...

4.3CVSS3.8AI score0.02836EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.29 views

Rockwellautomation Compactlogix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. File data ot500302.nasl...

4.3CVSS4.2AI score0.07531EPSS
Exploits5References4
CVE
CVE
added 2019/10/04 7:16 p.m.200 views

CVE-2019-11656

CVE-2019-11656 is a Stored XSS vulnerability in Micro Focus ArcSight Logger, affecting versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. The issue arises from improper neutralization of input during web page generation, enabling cross-site scripting. Public sources in the connected documents co...

5.4CVSS5.1AI score0.00644EPSS
Exploits0References1Affected Software1
Fortinet
Fortinet
added 2019/09/23 12:0 a.m.20 views

XSS vulnerability in FortiClientEMS

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...

4.4AI score0.00269EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/07/17 5:15 p.m.17 views

CVE-2019-1010091

tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab...

6.1CVSS7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/07/17 5:15 p.m.29 views

CVE-2019-1010091

tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab...

6.1CVSS6.4AI score0.01917EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/07/17 4:35 p.m.39 views

CVE-2019-1010091

tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab...

6.5AI score0.01917EPSS
Exploits1References1
Rows per page
Query Builder