3 matches found
CVE-2026-1440
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
PT-2024-40096 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Silverstripe versions prior to a fixed version affected versions not specified Description: The issue affects Internet Explorer browsers, where requests do not encode all entities in the URL string. As a result, when rewriting hashlinks,...
CVE-2019-5590
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands Cross Site Scripting via attack reports generated in HTML form...