CVE-2025-8791

A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/listprojects. The manipulation of the argument role leads to improper authorization. The attack may be initiated remotely. The exploit has been...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the 1 Endpoint Monitor, 2 Dialup List, or 3 Log&Report Display modules, or the...

CVE-2012-0941

Multiple cross-site scripting XSS vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the 1 Endpoint Monitor, 2 Dialup List, or 3 Log&Report Display modules, or the...

Mobile Vikings: Number, username and name disclosure

when user request a new card he can input some viking's number as a referrer and in order review page he can see viking's username When he add authorization to his own sim, he can use not only email but username and as a result he can get full vikings name in auth list. See attach...