Total
30543 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22638 | 1 Fortinet | 1 Fortinac | 2024-10-23 | 6.7 Medium |
| Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. | ||||
| CVE-2022-40676 | 1 Fortinet | 1 Fortinac | 2024-10-23 | 7.1 High |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. | ||||
| CVE-2022-41330 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-10-23 | 8.3 High |
| An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | ||||
| CVE-2022-43955 | 1 Fortinet | 1 Fortiweb | 2024-10-23 | 8 High |
| An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report. | ||||
| CVE-2023-22637 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-10-23 | 5.9 Medium |
| An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. | ||||
| CVE-2023-3660 | 1 Retro Cellphone Online Store Project | 1 Retro Cellphone Online Store | 2024-10-23 | 2.4 Low |
| A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add_user_modal.php. The manipulation of the argument un leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-234014 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-10197 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-23 | 2.4 Low |
| A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2023-3683 | 1 Livelyworks | 1 Articart | 2024-10-23 | 3.5 Low |
| A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument search_term leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3691 | 1 Layui | 1 Layui | 2024-10-23 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.8.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-234237 was assigned to this vulnerability. | ||||
| CVE-2022-31200 | 1 Atmail | 1 Atmail | 2024-10-23 | 6.1 Medium |
| Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field. | ||||
| CVE-2023-38331 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-10-23 | 5.4 Medium |
| Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module. | ||||
| CVE-2024-25284 | 1 3dsecure | 1 3dsecure | 2024-10-22 | 5.4 Medium |
| DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-25283 | 1 3dsecure | 1 3dsecure | 2024-10-22 | 5.4 Medium |
| DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-25282 | 1 3dsecure | 1 3dsecure | 2024-10-22 | 5.4 Medium |
| DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2023-26528 | 1 Shipyaari | 1 Shipping Management | 2024-10-22 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jinit9906 Shipyaari Shipping Management plugin <= 1.0 versions. | ||||
| CVE-2021-43062 | 1 Fortinet | 1 Fortimail | 2024-10-22 | 6.1 Medium |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service. | ||||
| CVE-2021-26092 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-10-22 | 4.7 Medium |
| Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters. | ||||
| CVE-2023-29183 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-10-22 | 7.3 High |
| An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting. | ||||
| CVE-2021-43081 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-10-22 | 6.1 Medium |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | ||||
| CVE-2022-22304 | 1 Fortinet | 1 Fortiauthenticator Agent For Microsoft Outlook Web Access | 2024-10-22 | 6.1 Medium |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | ||||