Code injection

A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...

CVE-2023-27998

CVE-2023-27998 affects FortiPresence up to 1.2.1 (and all 1.0–1.2.1 per PT-2023-21471) due to a lack of custom error pages. An unauthenticated attacker who can access the login GUI can navigate to specific HTTP(S) paths to disclose sensitive information. The underlying issue is the absence of pro...

CVE-2023-27998

A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...

PortSwigger Web Security: Misconfiguration: Missing Custom Error Page (CWE-12 & CWE-756)

Hi I found that custom errors for http://portswigger.net application framework are not configured., so application vulnerable to CWE-756 & CWE-12 https://cwe.mitre.org/data/definitions/12.html https://cwe.mitre.org/data/definitions/756.html - Impact: Default error pages gives detailed information...