5677 matches found
CVE-2020-14525 Philips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users...
CVE-2020-16218
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...
CVE-2020-14492
OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser...
The vulnerability of VMware vCloud Director, a platform for managing cloud storage, stems from insufficient neutralization of certain elements in requests. This allows an attacker to execute arbitrary code.
The vulnerability of the VMware vCloud Director platform for managing cloud storage repositories is related to insufficient neutralization of specific elements in the request. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
CVE-2020-9288
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack XSS via the ESS profile or the Radius Profile...
CVE-2020-6640
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Description Area...
CVE-2020-6640
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Description Area...
XSS vulnerability in the Description Area of the Admin Profile
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Description Area...
UBUNTU-CVE-2020-1760
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input...
CVE-2020-6647
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack XSS via the name parameter...
CVE-2020-6647
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack XSS via the name parameter...
CVE-2020-6647
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack XSS via the name parameter...
Andover Continuum Cross-Site Scripting Vulnerability
Andover Continuum is a BACnet building management system from Schneider Electric. A reflected cross-site scripting vulnerability exists in Andover Continuum. The vulnerability stems from improper neutralization of inputs during web page generation. An attacker could exploit this vulnerability to...
Andover Continuum Cross-Site Scripting Vulnerability (CNVD-2020-19526)
Andover Continuum is a BACnet building management system from Schneider Electric. A cross-site scripting vulnerability exists in Andover Continuum. The vulnerability stems from improper neutralization of inputs during web page generation. An attacker could exploit this vulnerability to conduct a...
CVE-2020-6646
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Disclaimer Description of a Replacement Message...
CVE-2020-6646
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack XSS via the Disclaimer Description of a Replacement Message...
CVE-2019-6699
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting XSS via a field in the traffic group interface...
CVE-2020-6643
An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack XSS...
CVE-2020-6643
An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack XSS...
CVE-2019-4635
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011...