Lucene search
+L

264 matches found

Prion
Prion
added 2017/09/12 2:29 a.m.26 views

Cross site scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...

3.5CVSS5.6AI score0.00787EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/09/12 2:29 a.m.4 views

CVE-2017-7735

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...

5.4CVSS5.9AI score0.00787EPSS
Exploits0References3
NVD
NVD
added 2017/09/12 2:29 a.m.24 views

CVE-2017-7735

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...

5.4CVSS5.6AI score0.00787EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2017/09/12 2:0 a.m.17 views

CVE-2017-7735

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...

6.8AI score0.00787EPSS
Exploits0References3
CVE
CVE
added 2017/09/12 2:0 a.m.65 views

CVE-2017-7735

CVE-2017-7735 is a publicly documented Cross‑Site Scripting (XSS) vulnerability affecting Fortinet FortiOS. Affected versions are FortiOS 5.2.0–5.2.11 and 5.4.0–5.4.4. The root cause is improper validation of user-supplied input to the Groups field when creating or editing User Groups, allowing a...

5.4CVSS5.6AI score0.00787EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/09/12 2:0 a.m.31 views

CVE-2017-7735

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...

5.6AI score0.00787EPSS
Exploits0References3
Hacker One
Hacker One
added 2017/07/09 10:57 p.m.29 views

Concrete CMS: Stored XSS in Name field in User Groups/Group Details form

Intro "The Crayons of Madagascar" Type of issue: Core CMS issue Level of severity: Internal Attack Vector Concrete5 version: 8.2.0 RC2 rev. 32c9daf352645d4fafedb7b956e7f2de4e153ab3 Summary There is Stored XSS vulnerability in User Groups-Group Details Name field. This vulnerability might be used ...

6.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/06/23 12:0 a.m.66 views

Fortinet FortiOS 5.2.x / 5.3.x / 5.4.x < 5.4.5 Multiple XSS (FG-IR-17-127)

The version of Fortinet FortiOS running on the remote device is 5.2.x, 5.3.x, or 5.4.x prior to 5.4.4. It is, therefore, affected by multiple cross-site scripting XSS vulnerabilities : - A cross-site scripting XSS vulnerability exists when saving configuration revisions due to improper validation...

5.4CVSS5.9AI score0.00787EPSS
Exploits0References3
Fortinet
Fortinet
added 2017/06/15 12:0 a.m.42 views

FortiOS XSS vulnerabilities via User Groups & Config Revision Comments

Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote malicious Javascript in a logged in browser...

3.5CVSS2.2AI score0.00787EPSS
Exploits0Affected Software1
exploitpack
exploitpack
added 2017/03/11 12:0 a.m.51 views

Fiyo CMS 2.0.6.1 - Privilege Escalation

Fiyo CMS 2.0.6.1 - Privilege Escalation Exploit Title: Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link:...

6.5CVSS0.6AI score0.08041EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2017/01/26 12:0 a.m.44 views

Host Asset Information

Nessus collected information about the target host including: - network interfaces including IP addresses, MAC addresses, FQDNs - inventory of installed software - information about users and user groups This data has been stored in the Nessus report database. Note that this plugin will not produ...

5.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/10/26 12:0 a.m.59 views

[20161003] - Core - Account Modifications

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments...

9.8CVSS9.2AI score0.02064EPSS
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2016/09/12 12:0 a.m.47 views

XenForo ToggleME 3.1.2 Cross Site Scripting

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: XenForo ToggleME plugin Vendor URL: https://xenforo.com/community/resources/toggleme.137/ Type: Cross-Site Scripting CWE-79 Date found: 2016-09-06 Date published: 2016-09-11 CVSSv3 Score: 5....

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/30 12:0 a.m.15 views

phpMyAdmin 4.4.15.x < 4.4.15.7 / 4.6.x < 4.6.3 Multiple Vulnerabilities

Binary data 9536.prm...

9.8CVSS7.3AI score0.02323EPSS
Exploits0References15
CNVD
CNVD
added 2016/06/24 12:0 a.m.5 views

Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2016-04309)

phpmyadmin is an online management tool for MySQL databases. A cross-site scripting vulnerability exists in phpmyadmin versions 4.4.x and 4.6.x in the user permissions page and the user group function, which can be exploited by an attacker to execute arbitrary scripts across sites...

6.1CVSS9AI score0.0132EPSS
Exploits0References1
phpMyAdmin
phpMyAdmin
added 2016/06/23 12:0 a.m.54 views

Multiple XSS vulnerabilities

PMASA-2016-21 Announcement-ID: PMASA-2016-21 Date: 2016-06-23 Summary Multiple XSS vulnerabilities Description An XSS vulnerability was discovered on the user privileges page. An XSS vulnerability was discovered in the error console. An XSS vulnerability was discovered in the central columns...

6.1CVSS6.9AI score0.0132EPSS
Exploits0Affected Software1
Exploit DB
Exploit DB
added 2016/03/31 12:0 a.m.79 views

MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)

Add admin user Testingus: ---...

7.4AI score
Exploits0
Prion
Prion
added 2015/03/18 2:59 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the administrative backend in MyBB aka MyBulletinBoard before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the 1 MIME-type field in an add action in the config-attachmenttypes module to admin/index.php; 2...

3.5CVSS5.6AI score0.01629EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2015/02/16 3:59 p.m.11 views

PYSEC-2015-33

RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the 1 updaterepo, 2 getlocks, or 3 getusergroups API method...

4CVSS6.6AI score0.00947EPSS
Exploits0References1Affected Software1
Atlassian
Atlassian
added 2014/06/05 7:15 a.m.25 views

Domain restricted signup is creating enabled users on ApacheDS

When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to login. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...

6.9AI score
Exploits0Affected Software1
Rows per page
Query Builder