Cross site scripting

A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality...

CVE-2017-3126

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter...

Cross site scripting

A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature...

Open redirect

An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter...

Open redirect

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter...

CVE-2017-3126

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter...

CVE-2017-3126

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter...

CVE-2017-7343

CVE-2017-7343 : The connected documents confirm a vulnerability in Fortinet FortiPortal ≤ 4.0.0 described as an open redirect via the url parameter . This could allow an attacker to cause unauthorized actions by redirecting or manipulating the request, with the NVD entry noting that an attacker c...

CVE-2017-7339

CVE-2017-7339 affects Fortinet FortiPortal 4.0.0 and earlier, where a cross-site scripting flaw exists in the Add Revision Backup function via the Name and Description inputs. The vulnerability enables an attacker to inject and execute script in the context of a logged-in user. The connected docu...

CVE-2017-7339

A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality...

CVE-2017-3129

A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature...

CVE-2017-3129

A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature...

CVE-2017-3128

A stored XSS Cross-Site-Scripting vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter...

Cross site scripting

A stored XSS Cross-Site-Scripting vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter...

CVE-2017-3128

A stored XSS Cross-Site-Scripting vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter...

CVE-2017-3128

A stored XSS Cross-Site-Scripting vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter...

Jenkins unauthorized code execution vulnerability analysis, updated the vulnerability of the environment, to detect script-vulnerability warning-the black bar safety net

A, summary CloudBees Jenkins 2.32.1 version exists in Java deserialization vulnerability, and ultimately can lead to remote code execution. Jenkins is a continuous integration continuous integration and continuous delivery system, can improve the software development process of the Central Africa...

Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery

--------------------------------------------------------------- Exploit Title: XSRF Stored Revive Ad Server 4.0.1 Date: 24/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT Vendor Website : https://www.revive-adserver.com/ Software download : https://www.revive-adserver.com/download/...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Windows fails to properly sanitize handles in memory. An attacker who successfully exploited the vulnerability could run arbitrary code as System. An attacker could then install programs; view, change, or delete data; or create new...

CVE-2017-7625

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/apptheme/libs/savefile.php" and then execute code...