Vulnerability-Lookup 跨站脚本漏洞

Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A cross-site scripting vulnerability exists in Vulnerability-Lookup versions prior to 2.7.1, which stems from an unneutralized input in a user profile resulting in stored cross-site...

CVE-2019-16149

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...

CVE-2022-39226 Discourse user profile location and website fields were not sufficiently length-limited

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other...