Lucene search
K

5677 matches found

Cvelist
Cvelist
added 2020/09/18 5:48 p.m.21 views

CVE-2020-14525 Philips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users...

3.5CVSS3.5AI score0.00445EPSS
Exploits0References2
OSV
OSV
added 2020/09/11 1:15 p.m.3 views

CVE-2020-16218

In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...

3.5CVSS5.8AI score0.00658EPSS
Exploits0References2
OSV
OSV
added 2020/07/29 1:15 p.m.3 views

CVE-2020-14492

OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser...

6.1CVSS6.9AI score0.01216EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/07/17 12:0 a.m.4 views

The vulnerability of VMware vCloud Director, a platform for managing cloud storage, stems from insufficient neutralization of certain elements in requests. This allows an attacker to execute arbitrary code.

The vulnerability of the VMware vCloud Director platform for managing cloud storage repositories is related to insufficient neutralization of specific elements in the request. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

9CVSS8.3AI score0.211EPSS
Exploits11References3Affected Software1
NVD
NVD
added 2020/06/22 4:15 p.m.29 views

CVE-2020-9288

An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack XSS via the ESS profile or the Radius Profile...

5.4CVSS0.00857EPSS
Exploits0References1
NVD
NVD
added 2020/06/04 1:15 p.m.21 views

CVE-2020-6640

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Description Area...

5.4CVSS5.1AI score0.00857EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/04 12:47 p.m.24 views

CVE-2020-6640

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Description Area...

5.1AI score0.00857EPSS
Exploits0References1
Fortinet
Fortinet
added 2020/06/03 12:0 a.m.26 views

XSS vulnerability in the Description Area of the Admin Profile

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Description Area...

3.5CVSS3.6AI score0.00857EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/04/23 3:15 p.m.5 views

UBUNTU-CVE-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input...

6.1CVSS6.8AI score0.01525EPSS
Exploits0References4
OSV
OSV
added 2020/04/07 7:15 p.m.3 views

CVE-2020-6647

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack XSS via the name parameter...

5.4CVSS5.5AI score0.00625EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/04/07 6:41 p.m.12 views

CVE-2020-6647

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack XSS via the name parameter...

5.8AI score0.00625EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/07 6:41 p.m.20 views

CVE-2020-6647

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack XSS via the name parameter...

5.2AI score0.00625EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/24 12:0 a.m.3 views

Andover Continuum Cross-Site Scripting Vulnerability

Andover Continuum is a BACnet building management system from Schneider Electric. A reflected cross-site scripting vulnerability exists in Andover Continuum. The vulnerability stems from improper neutralization of inputs during web page generation. An attacker could exploit this vulnerability to...

6.1CVSS6.2AI score0.00776EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/24 12:0 a.m.1 views

Andover Continuum Cross-Site Scripting Vulnerability (CNVD-2020-19526)

Andover Continuum is a BACnet building management system from Schneider Electric. A cross-site scripting vulnerability exists in Andover Continuum. The vulnerability stems from improper neutralization of inputs during web page generation. An attacker could exploit this vulnerability to conduct a...

6.1CVSS6.2AI score0.00773EPSS
Exploits0References1
OSV
OSV
added 2020/03/17 1:15 p.m.4 views

CVE-2020-6646

An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Disclaimer Description of a Replacement Message...

5.4CVSS5.6AI score0.00803EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/03/17 12:49 p.m.12 views

CVE-2020-6646

An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Disclaimer Description of a Replacement Message...

5.5AI score0.00803EPSS
Exploits0References1
OSV
OSV
added 2020/03/13 4:15 p.m.4 views

CVE-2019-6699

An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting XSS via a field in the traffic group interface...

5.4CVSS6.1AI score0.00545EPSS
Exploits0References1
OSV
OSV
added 2020/03/12 10:15 p.m.2 views

CVE-2020-6643

An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack XSS...

5.4CVSS5.3AI score0.0084EPSS
Exploits0References1
NVD
NVD
added 2020/03/12 10:15 p.m.16 views

CVE-2020-6643

An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack XSS...

5.4CVSS5.1AI score0.0084EPSS
Exploits0References1
OSV
OSV
added 2020/01/28 7:15 p.m.3 views

CVE-2019-4635

IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011...

2.7CVSS6.1AI score0.00937EPSS
Exploits0References2
Rows per page
Query Builder