CVE-2026-25972

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...

EUVD-2026-10533

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...

CVE-2025-2697 IBM Cognos Command Center HTTP Open Redirect

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to...

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating collaborative Web applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform version 6.2-milestone-1 and earlier, which stems from a vulnerability that allows an attacker to spoof a URL to inject...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Xwiki Platform 跨站请求伪造漏洞

XWiki Platform is a generic wiki platform that provides runtime services for applications built on it. XWiki Platform is vulnerable to cross-site request forgery, which can be exploited by attackers to reset the password of any user in XWiki via a spoofed URL...

CVE-2019-4166

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that...

Google Chrome Omnibox Read Out-of-Bounds Vulnerability

Google Chrome is a web browser from Google, Inc. and Omnibox is a real-time search engine. A security vulnerability exists in Omnibox in versions of Google Chrome prior to 74.0.3729.108. An attacker can exploit this vulnerability by tricking users into visiting a specially crafted website with a...

CVE-2017-1449

IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a maliciou...