FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

CVE-2026-0554 NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset

The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...

EUVD-2012-6456

Malware in sbrugna...

CVE-2023-20233

A vulnerability in the Connectivity Fault Management CFM feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages CCMs. ...

CVE-2024-30473

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points...

CVE-2023-5455

A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...

CentOS 7 : ipa (RHSA-2024:0145)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0145 advisory. - A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the use...

CVE-2023-20233

A vulnerability in the Connectivity Fault Management CFM feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages CCMs. ...

Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability

A vulnerability in the Connectivity Fault Management CFM feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages CCMs. ...

Cross site scripting

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...

CVE-2021-22122

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...

CVE-2012-6609

Directory traversal vulnerability in agetlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. dot dot in the name parameter...

CVE-2012-6610

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; semicolon to the ping command feature...

CVE-2012-6609

Directory traversal vulnerability in agetlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. dot dot in the name parameter...

CVE-2012-6609

CVE-2012-6609 is a directory traversal in Polycom HDX Video Endpoints (before 3.0.4) and UC APL (before 2.7.1.J). An attacker can read arbitrary files by supplying .. in the name parameter via a_getlog.cgi. The NVD entry reports CVSSv2 base score 5.0 (MEDIUM) and CVSSv3.1 base score 7.5 (HIGH), w...

CVE-2012-6610

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; semicolon to the ping command feature...

CVE-2012-6610

CVE-2012-6610 affects Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J. The vulnerability is a command injection that allows remote authenticated users to execute arbitrary commands via the ping feature, demonstrated by using a semicolon to inject commands. Evidence from multip...

CVE-2018-1289

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft...

Accept Answer URL should be idempotent and accept PUT or POST requests only

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46610. panel Answers currently users a single URL to both accept and un-accept answers: noformat $baseurl/acceptanswer/$answeri...

Polycom® HDX® Video End Points Web Management Cross Site Scripting &#40;XSS&#41; vulnerability

Polycom® HDX® Video End Points Web Management Cross Site Scripting XSS vulnerability: - CVE: CVE-2012-4970 - Deloitte Argentina Advisory Code: DTTAR-20120001 - Vendor Status: CONFIRMED - Public Disclosure Date: December, 23rd, 2012. - Vendors Affected: Polycom - http://www.polycom.com/ - Systems...